Microsoft tightens Zero-Trust protocol after releasing gov hack findings

In a report released Wednesday, Microsoft published the findings of its internal investigation, which detailed that, for more than two years, Chinese hackers had access to the email accounts of high-level US and European governmental agencies before the breach was discovered in June.
 
The China-based criminal group, Storm-0558, first gained access to the Microsoft emails in April 2021. The breach, which affected 33 U.S. and global entities, happened when a bug caused Microsoft’s email system to crash, resulting in a data purge that inexplicably contained email access keys. The hackers then forged security tokens that gave them backdoor access to Outlook.com.
 
As Microsoft admitted, the system did not alert IT to the issue at the time as it should have, and the crack went unnoticed until just two months ago. Microsoft said that it released the investigative findings “as part of our commitment to transparency and trust,” adding that the company was working to tighten up its security protocols.
 
“For this reason — by policy and as part of our Zero-Trust and ‘assume breach’ mindset — key material should not leave our production environment. While these tools are important, they also make users vulnerable to spear phishing, token stealing malware, and other account compromise vectors,” Microsoft said, referring to the email, conferencing, and web research tools that corporate-level employees had previously used.

Ted Miracco, CEO of Approov Mobile Security, had this to say:

   “The two most disconcerting parts of the report are that: Storm-0558 could forge tokens to access email accounts of high-level officials; and that the breach persisted for years without being discovered. This would lead one to question how many other accounts are being compromised today with forged tokens, and how do you go about identifying additional compromised accounts?

   “The findings reinforce that constant vigilance is required to stay ahead of sophisticated attackers, and keys and tokens need to be rotated frequently to prevent persistent access to compromised accounts.”

Microsoft should get some kudos for posting this info as it is not easy to admit where you’ve gone wrong. But let’s see what Microsoft does going forward to make sure that this situation isn’t repeated.
