Hackers, supposedly based in Russia, attempted to read CrowdStrike emails, Microsoft reported. The incident took place on Dec 15th and seems to have been facilitated by a reseller's account that was several months old.
According to their blog, the attempt failed and no information was leaked. Further investigation found that several unusual calls to Microsoft cloud APIs were made using the Azure account. The attack was assumed to also be related to the attacks on SolarWinds.
CTO of CrowdStrike, Michael Sentonas said this,
After reviewing its own systems and its Azure services following the attack, CrowdStrike did not find any breaches in its security. Nevertheless, the company released a post detailing its changes to Azure.
Michael further stated,