

The information shared by Microsoft reinforced our conclusion that CrowdStrike suffered no impact. As part of our secure IT architecture, CrowdStrike does not use Office 365 email. CrowdStrike conducted a thorough review into not only our Azure environment, but all of our infrastructure for the indicators shared by Microsoft.

There was an attempt to read email, which failed as confirmed by Microsoft. Specifically, they identified that a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago. Whilst doing our review, CrowdStrike was contacted by the Microsoft Threat Intelligence Center on December 15, 2020. We have conducted an extensive review of our production and internal environments and found no impact. Customer security and transparency are CrowdStrike’s top priorities. The motivations and true extent of how far-reaching this campaign has been will be better understood by the security industry and authorities in the weeks, maybe months, to come. This is clearly a sophisticated operation carried out over a long period of time.

CrowdStrike has observed the challenges that organizations face auditing Azure AD permissions, which is a time-consuming and complex process. CrowdStrike launches CrowdStrike Reporting Tool for Azure (CRT), a free community tool that will help organizations quickly and easily review excessive permissions in their Azure AD environments, help determine configuration weaknesses, and provide advice to mitigate risk.
