July 13, 2023
Microsoft has reported that the email accounts of over 25 organizations have been breached by the Chinese hacking group Storm-0558. CISA reports that the data stolen from these organizations, which included US federal agencies and the State Department, was non-classified.
“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service” -Adam Hodge
The investigation concluded that the threat group carried out the breach using “forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key.”
CISA reports that crucial logs that could have been used to detect the malicious activity were not available in the free tiers, so the organizations would not have been able to detect the activity unless they had upgraded to a paid tier. In response, CISA has been working with Microsoft to open access to these logs without needing to upgrade to a paid tier.
The attack is still under investigation.
Our team is here to help lock down, clean up, gather evidence, or report after a breach occurs.