SolarWinds Hack: Email and Other Azure Customer Data Stolen Through a Microsoft Reseller
The well-coordinated attack on SolarWinds’ infrastructure, which we wrote about in detail, led to the hacking of Microsoft cloud clients and the theft of emails from at least one private company, according to Washington Post informants. The breach has affected numerous US government agencies and corporate computer networks.
According to whistleblowers, the intrusion appears to have taken place through a Microsoft corporate partner that resells access to cloud services. Microsoft hasn’t publicly commented on this. On Thursday, one of the tech giant’s executives tried to play down the severity of the problem. “Our investigations into recent attacks have uncovered credential abuse incidents that can take several forms,” said Jeff Jones, senior director of communications at Microsoft. “We still haven’t identified any vulnerabilities or compromises to Microsoft products or cloud services.”
But the other day, according to a blog post from cybersecurity firm CrowdStrike, Microsoft notified the firm of an issue with its Azure customer licensing reseller. In the post, CrowdStrike warned customers that Microsoft had detected unusual behaviour on CrowdStrike’s Azure account and that there had been a failed attempt to read email. Whistleblowers said the attack did not exploit any Microsoft vulnerabilities. The software giant itself was not hacked – only one of its partners.
However, information security experts consider the situation to be extremely worrying. “If it’s true that the cloud provider’s customer data has been stolen and is in the hands of an attacker, this is a very serious situation,” said John Reed Stark, managing director of a consulting firm and former head of the Securities and Exchange Commission. “… This should raise a lot of alarm within the cloud provider and could lead to a range of notification, correction and disclosure requirements – both domestically and internationally.”
Microsoft said in a blog post last week that it notified more than 40 customers that they had been hacked. Some of them were hacked through a third party. If an attacker has compromised the reseller and stolen credentials, they can use them to gain widespread access to Azure accounts. Once inside a particular customer’s account, an attacker has the ability to read and steal emails and other information. Two Washington Post informants say that Microsoft did not promptly warn the government about the reseller hack.
In an interview with reporters, a Microsoft spokesman described the problem with the reseller as a variation of the previous hack, not as a fundamentally new situation. At the same time, he refused to answer questions about when the firm discovered the problem with the reseller, how many customers the reseller had, how many of them were hacked, and whether the reseller had warned its customers. “We have various agreements with people, and we will not share detailed information about our interactions with specific partners or clients,” he said.
The hack of a Microsoft partner does not absolve the software giant of legal liability, experts say. When hackers stole the data of over 100 million credit card holders from the cloud of a large bank that used Amazon Web Services last year, customers sued both the bank and AWS. In September, a federal judge rejected Amazon’s petition to remove it from the list of defendants because the cloud provider’s “negligent behaviour” allegedly made the attack possible.
US government and private sector sources report that the total number of victims of the SolarWinds hack – agencies and companies whose data has been stolen – is likely to be no more than a few hundred, not thousands, as previously thought. But even one major agency hack can have enormous consequences.