Microsoft: Office 365 was not SolarWinds initial entry point for hackers. The company’s CEO says the company “has not identified a specific vulnerability in Office 365 that would have allowed the threat actor to enter our environment” Microsoft: “We have investigated thoroughly and have found no evidence they [SolarWinds] were attacked via Office 365″ CISA Director Brandon Wales says hackers gained access to targets using a multitude of methods, including password spraying and through exploits of vulnerabilities in cloud software. SolarWind’s CEO Sudhakar Ramakrishna took over as CEO about one month after the supply chain attack became public.”]
Source: https://www.cuinfosecurity.com/microsoft-office-365-was-solarwinds-initial-attack-vector-a-15939