Posted on 07/13/2023 12:55:46 AM PDT by Libloather
An FBI investigation is underway after Commerce Secretary Gina Raimondo's email was hacked into by Chinese cyberspies.
U.S. officials say that Raimondo is the only Cabinet-level official whose account was compromised in the attack, according to The Washington Post – but a congressional staffer, human rights advocate and think tank were also targeted.
The State Department discovered a vulnerability in Microsoft's cloud last month. The only two executive branch agencies known to have emails breached are the Commerce and State Departments.
The targeted cyber espionage campaign has been mitigated. But not before the hackers had access to the email accounts for about a month before being cut-off.
Nine U.S. organizations were victimized by the cyber attack with some email accounts compromised at each entity, a senior Homeland Security official said.
Microsoft says that a total of 25 organizations worldwide were hacked.
'U.S. government safeguards identified an intrusion in Microsoft's cloud security, which affected unclassified systems,' National Security Council spokesman Adam Hodges told the Post.
'Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,' he added. 'We continue to hold the procurement providers of the U.S. government to a high security threshold.'
Discovery of the hack coincided with Secretary of State Antony Blinken's trip to Beijing last month.
Beijing has been open in denouncing Raimondo's Commerce Department imposing harsh export controls on Chinese companies, which the CCP says is a malicious suppression tactic.
An FBI investigation is ongoing into the matter.
A person familiar with the matter said it does not appear that any email accounts of Pentagon, intelligence or military officials were affected.
(Excerpt) Read more at dailymail.co.uk ...
What kind of Tard uses a Microsoft Cloud account?
Someone who does government business on a personal email system?
Never mind. She's a politico of a certain age.
Not a defect -— a FEATURE!
Give an economic enemy your secrets without leaving your digital fingerprints on the gift.
You took the words...
Some insider bales on Mrs. Cravitz.
“’U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems,’ National Security Council spokesman Adam Hodges told the Post.“
And:
“The State Department discovered a vulnerability in Microsoft’s cloud last month. The only two executive branch agencies known to have emails breached are the Commerce and State Departments.“
___________________
So, commerce and state department email systems aren’t considered classified?
Oh goody. FBI investigations always instill great amounts of confidence in me, but I wonder if she used “password,” as her password?
Enhanced Monitoring to Detect APT Activity
Targeting Outlook Online
SUMMARY
In June 2023, a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity in their Microsoft 365 (M365) cloud environment. The agency reported the activity to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA), and Microsoft determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data.
CISA and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory to provide guidance to critical infrastructure organizations on enhancing monitoring of Microsoft Exchange Online environments. Organizations can enhance their cyber posture and position themselves to detect similar malicious activity by implementing logging recommendations in this advisory. Organizations that identify suspicious, anomalous activity should contact Microsoft for proceeding with mitigation actions due to the cloud-based infrastructure affected, as well as report to CISA and the FBI. Excerpt.
They probably used the same gap the FBI uses.
What a nation of inept buffoons we’ve become.
Probably getting stuck translating and interpreting “10 percent to the Big Guy”
Is that a euphemism for "She was selling secrets"?
Of course not.... she capitalized the word....... Password....
Gina Raimondo, a crack commerce expert selected for her competence
Another box-ticker, “Rhymes with China” Gina.
I assume they mean MS Azure but I would imagine MS uses Azure to host MS 365, Office 365, OneDrive and all their online apps. I think over half of all businesses use one of those MS services/apps.
The small company I work for does. I use it as little as possible and for personal use, I have web hosting and run NextCloud. Even then, nothing crucial or identifying is on it. My biggest use for it is to share gardening literature with FReepers on the weekly gardening threads. All the literature can be found freely on the web. I collected and organized it over the years.
As of a couple years ago, about 75% of corporate email users in the US were hosted on by Microsoft on Office 365; the Microsoft cloud. Information Security is an illusion that corporations spend BILLIONS of dollars each year trying to maintain.
Too many unfortunately. When I do security consulting and the topic of public clouds comes up I usually get a response similar to “but brawndo has electrolytes”. As long as they have been informed my job is technically done. Many users are caught on the illusion of security because of X parent company, no matter how many times that company has been exploited. Typically it isn’t until the user company has been directly effected in a negative way do we get the green light start making recommended changes and hardening.
Most of the US government is switching to cloud services.
The problem is that genunine technical experts have almost no input into govenrment contracting decisions for procurement of standard commercial contracts. But burueacrats get to specify lots of special requriements that may or may not actually provide something the government needs. Meanwhile it will often be overly prescriptive so that the car that was sold will have all the required parts, gone through all the necessary contactor assured test, but the engine won’t run after 1,000 miles or some such.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.