News Tech

US cyber board to investigate Microsoft hack of government emails

A U.S. review board tasked with investigating major cybersecurity incidents said it will begin looking at the recent intrusion

A U.S. review board tasked with investigating major cybersecurity incidents said will begin looking the recent intrusion of U.S. government email systems provided by Microsoft, whose handling of the incident drew ire and scrutiny from federal lawmakers and the wider security .

The Cyber Security Review Board, or CSRB, said Friday that its latest investigation will include a “broader review of issues relating to cloud-based and authentication infrastructure.”

The board said it began considering an investigation after learning of the Microsoft cloud breach, which saw China -backed hackers break into government email accounts, including the inbox of U.S. Commerce Secretary , several officials at the U.S. Department, and other organizations not yet publicly named.

According to the slow-drip of information about the incident, Microsoft said China-backed hackers stole a sensitive signing key that allowed unauthorized access to enterprise and government email inboxes hosted by the technology giant. That stolen , coupled with a flaw that Microsoft has since patched, allowed the forging of authentication tokens that the hackers used to access the target's email accounts as if they were the rightful owners.

The intrusions began in mid-May but were not detected until a month later, when State Department officials detected the and notified Microsoft. It was only because the State Department used a higher-paid tier account that allowed access to logs that Microsoft keeps, which first revealed the hacks. Other departments with a lower paid tier were not given access to logs that may have spotted the intrusions sooner.

Following criticism, Microsoft capitulated soon after, saying it would make logs available for customers at no additional cost from September.

Ron Wyden, a Democratic lawmaker the Senate Intelligence Committee, blasted Microsoft in a scathing letter to government agencies requesting an investigation into whether “lax cybersecurity practices” enabled Chinese hackers to spy on high-ranking federal government officials.

Wyden also called on the CSRB to investigate the incident.

In carrying out a post-mortem of the hack, Homeland Security secretary Alejandro Mayorkas said in remarks it was “imperative” to understand the vulnerabilities in cloud technologies that are relied on by U.S. organizations.

“Actionable recommendations from the CSRB will help all organizations better secure their and further resilience,” said Mayorkas.

This is the CSRB's third investigation since it was founded by executive order in 2021 by President Biden. The board, which includes representatives from government and cybersecurity experts in the private sector, serves to review major cybersecurity events and identify recommendations to prevent future incidents.

The CSRB's first investigation looked at the fallout from the Log4j vulnerability in 2020, and its second — published this — examined recent attacks by the Lapsus$ hacking group,

About Author

Leave a Reply

SOFAIO BLOG We would like to show you notifications for the latest news and updates.
Dismiss
Allow Notifications