The Cyber Safety Review Board (CSRB), a division of the U.S. Department of Homeland Security, released a 34-page report slamming Microsoft for a “cascade of avoidable errors” that allowed Chinese state-backed hackers to strike “the espionage equivalent of gold”, giving it access to the data of the top people responsible for managing the relationship with China — on the eve of a critical diplomatic event.
In the news briefed yesterday in the Sunday Times, details have emerged about Midnight Blizzard, the same nation-state-backed group that had conducted the Teams token-based attack, which we covered in our recent CIX blog post.
The U.S. government’s response to Microsoft’s security measures was far from approving. It highlighted a disturbing incident in January, where a hacking group named Midnight Blizzard infiltrated Microsoft’s corporate email accounts, gaining entry to its source code and other internal systems. The CSRB’s statement was clear: ‘This additional intrusion underscores the board’s concern that Microsoft has yet to implement the necessary governance or prioritization of security.’
Microsoft, in a statement last month, described the Midnight Blizzard hack as an ‘ongoing’ threat. The company warned that the hackers may be using the information they’ve obtained to identify potential areas for future attacks, thereby enhancing their ability to carry out sophisticated nation-state attacks. This underscores the unprecedented global threat landscape we face today.
As we remain vigilant against these ‘ongoing’ threats, it’s crucial for you to stay informed and take necessary precautions. Remember, you have the power to secure and protect your Microsoft 365 environments. Train your staff to identify phishing attempts. Engage with our informative Cyber Information exchange video posts, and don’t hesitate to reach out if you need assistance. Your proactive approach can make a significant difference in safeguarding your digital environment.
Signing off with the words of the late Shaw Taylor, ‘keep ’em peeled’!
