WASHINGTON (Reuters) -The suspected Russian hackers blamed for breaking into a series of U.S. government agencies and cybersecurity company FireEye also made a failed attempt to hack into cybersecurity firm CrowdStrike, the Sunnyvale, California-based company said in a blog post.
CrowdStrike said that it was alerted by Microsoft on Dec. 15 that the hackers had tried to read CrowdStrike’s emails using a Microsoft reseller’s account “several months ago.”
CrowdStrike said in its blog post that the attempt failed.
Microsoft did not immediately return a message seeking comment on Thursday. The National Security Agency and the Cybersecurity and Infrastructure Security Agency did not immediately return messages.
The use of a Microsoft reseller to try to break into a top digital defense company raises new questions about how many different venues the hackers have had to infiltrate American networks.
Up until now, the Texas-based SolarWinds Corp was the only publicly confirmed vector for break-ins, although officials have been warning for days that the hackers had also used other unspecified avenues to subvert their targets.
Separately, SolarWinds said on Thursday it had released an update to fix the vulnerabilities in its flagship network management software, Orion, following the discovery of a second set of hackers that targeted the company’s products.
The announcement follows a blog post issued by Microsoft on Friday that said that SolarWinds had its software targeted by a second and unrelated group of hackers in addition to the ones linked to Russia.
The identity of the second set of hackers, or the degree to which they may have successfully broken in anywhere, remains unclear.
Russia has denied having any role in the hacking.
(Reporting by Joseph Menn, Raphael Satter, and Munsif Vengattil; Writing by Raphael Satter.Editing by Chizu Nomiyama and Alistair Bell)