Hackers, supposedly based in Russia, attempted to read CrowdStrike emails, Microsoft reported. The incident took place on Dec 15th and seemed to have been facilitated by a several-month-old reseller’s account.

According to their blog, the attempt failed and no information was leaked. Further investigation into the matter found that several unusual calls to Microsoft cloud APIs were made using the Azure account. The attack was also assumed to be related to the attacks on SolarWinds.

CrowdStrike CTO Michael Sentonas said:

“Specifically, they identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago,” continuing with “There was an attempt to read email, which failed as confirmed by Microsoft. As part of our secure IT architecture, CrowdStrike does not use Office 365 email.”

After the attack, CrowdStrike reviewed its systems as well as its Azure services and did not find any breaches in its security. Nevertheless, the company released a post detailing its changes to Azure.

Sentonas further stated:

“CrowdStrike conducted a thorough review into not only our Azure environment but all of our infrastructure for the indicators shared by Microsoft. The information shared by Microsoft reinforced our conclusion that CrowdStrike suffered no impact.”

