A little behind, but still worth posting: Crowd Strike doesn’t get owned

While we’ve been on break, I’ve had an article sitting here that I read in regards to the Solar Winds breach which was talked about on this past Tuesday’s Security Now which I’d like to try and catch.

The article is entitled SolarWinds hackers also went after CrowdStrike and it was definitely interesting to read it when I did.

There really isn’t much neews since then except that people should be more aware of whats going on, and watch for possible attacks, but I sense we won’t have anything new until next year.

What was interesting about this article is that the actors attempted to breach Crowd Strike and was unsucessful. This is probably the best news we can get out of this ordeal, and its a glimmer of hope anyway.

Microsoft told CrowdStrike that “several months ago,” the Microsoft Azure account of a Microsoft reseller was making “abnormal calls” to Microsoft cloud
application programming interfaces (APIs). The account managed Microsoft Office licenses for CrowdStrike.

The attackers tried to access emails, but Microsoft said the attempt was unsuccessful, according to CrowdStrike. “As part of our secure IT architecture,
CrowdStrike does not use Office 365 email,” Sentonas said.

“We have conducted an extensive review of our production and internal environments and found no impact,” Sentonas said. “CrowdStrike conducted a thorough
review into not only our Azure environment, but all of our infrastructure for the indicators shared by Microsoft.” <;/blockquote> This is similar to me getting email saying that my account would be closed if I didn’t provide details, yet the email was sent through a contact form, or even directly.

If my account were to be closed, I could just bring it back, as it is under my control. Good job, Crowd Strike, you succeeded in this one because they tried to get at something you didn’t have.

Want to read more about this latest I’ve been holding on to? The link is above, and lets open this up for comment.