Security News > 2020 > December > Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "Abnormal calls" to Microsoft cloud APIs during a 17-hour period several months ago.

The undisclosed affected reseller's Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike.

It also coincides with a new report from The Washington Post today, which alleges Russian government hackers have breached Microsoft cloud customers and stolen emails from at least one private-sector company by taking advantage of a Microsoft reseller that manages cloud-access services.

"Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms. We have not identified any vulnerabilities or compromise of Microsoft product or cloud services," Microsoft's Senior Director Jeff Jones said in an email response to The Hacker News.

CrowdStrike has also released CrowdStrike Reporting Tool for Azure, a free tool that aims to help organizations review excessive permissions in their Azure Active Directory or Office 365 environments and help determine configuration weaknesses.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/z6WKAOG-LSw/microsoft-warns-crowdstrike-of-hackers.html