Security News > 2020 > December > Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers
The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "Abnormal calls" to Microsoft cloud APIs during a 17-hour period several months ago.
The undisclosed affected reseller's Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike.
It also coincides with a new report from The Washington Post today, which alleges Russian government hackers have breached Microsoft cloud customers and stolen emails from at least one private-sector company by taking advantage of a Microsoft reseller that manages cloud-access services.
"Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms. We have not identified any vulnerabilities or compromise of Microsoft product or cloud services," Microsoft's Senior Director Jeff Jones said in an email response to The Hacker News.
CrowdStrike has also released CrowdStrike Reporting Tool for Azure, a free tool that aims to help organizations review excessive permissions in their Azure Active Directory or Office 365 environments and help determine configuration weaknesses.
News URL
Related news
- UK’s NCSC Issues Warning as SVR Hackers Target Cloud Services (source)
- Microsoft says Russian hackers breached its systems, accessed source code (source)
- Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets (source)
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- Microsoft to shut down 50 cloud services for Russian businesses (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)