Posted on 07/12/2023 7:59:45 AM PDT by Right Wing Vegan
Tech giant Microsoft disclosed on Tuesday evening that it discovered a group of Chinese hackers had broken into some of its customers' email systems to gather intelligence.
The company began investigating unusual activity within a few weeks of the initial attack, though the culprits were able to repeatedly manipulate credentials to access accounts.
According to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, one federal government agency first detected unusual activity on its Microsoft 365 email cloud environment last month, and immediately reported the activity to Microsoft and CISA.
CISA did not identify the government agency in question in a blog post published on Wednesday concerning the breach.
The hackers, whom Microsoft identified as China-based actors from a group it calls Storm-0558, were able to break in and steal some data from the accounts, according to CISA's blog post. However, the data that was taken was unclassified, according to CISA.
It's unclear how many U.S. government agencies were targets, and what exactly was stolen. However, Microsoft says the attack is now contained.
The breach reveals the ongoing challenge of keeping sophisticated actors out of systems. Microsoft describes the hackers as "well-resourced" and "focused on espionage."
However, this is not the first time Microsoft has been the target of this kind of breach. The U.S. government is putting pressure on companies to hold high security standards.
"Last month, U.S. government safeguards identified an intrusion in Microsoft's cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service," wrote Adam Hodge, the acting senior director for press at the White House's National Security Council, in a statement. "We continue to hold the procurement providers of the U.S. Government to a high security threshold."
The spy game
These kinds of hacks are, unfortunately, a common part of the spy game — a game of breaches and patches, protection and response between the U.S. and its adversaries.
The goal is to limit the number of vulnerabilities available for adversaries to exploit, as well as the time hackers are able to lurk inside systems without being detected. Additionally, it's especially important for agencies to protect more sensitive information outside of online email systems. That goes especially for organizations that are attractive targets to spies, from U.S. government agencies to critical infrastructure companies, defense contractors and others.
In this case, CISA confirms that it is Microsoft's responsibility to patch the vulnerability and enhance security for authentication procedures, to prevent hackers from mimicking authorized users.
Even so, CISA advises organizations to be on high alert for suspicious activity, given the recent breach. In an advisory, the agency outlines procedures for enhanced monitoring and logging as well as how to contact Microsoft if suspicious activity is detected.
"Critical infrastructure organizations are strongly urged to implement the logging recommendations in this advisory to enhance their cybersecurity posture and position themselves to detect similar malicious activity," wrote CISA.
At this point you can assume that China and Russia have people working at the big tech companies and the data is being pipelined along with the NSA.
At what point will Microsoft be viewed as the national security risk that it is? What would have to happen? (Haven’t such things already happened?)
A POTUS should make an executive order instructing all U.S. agencies to move all government cyber operations and data off of private companies' cloud systems, and to establish and protect their own.
Bkmk
No, that makes too much sense.
**U.S. government safeguards** identified an intrusion in Microsoft’s cloud security.
Yeah, that's the ticket, the Chinese did it.
As long as one is using the Internet, stolen credentials will ALWAYS be an issue, no matter who manages security.
The issue is packets going through routers and connections between third parties that cannot be managed by first parties.
There are no systems using TCP/IP on the internet that don't use credentials (user name, password, and alternate measures: phone, text, call, secret questions, whatever). While these systems are better than just username/password, they can be spoofed.
https://www.computer.org/publications/tech-news/trends/what-is-modern-authentication
Cloud-based systems are better for security—they have more, not less, protection: 24/7 HUMAN monitoring of systems and expert groups of thousands that can mitigate and stop attacks.
Having been in the military for 22 years doing cyber security and communications systems (Univac, PDP/VAX Ultrix, TCP/IP), and having worked on DDN, then MilNet, and the Internet, I can tell you there are very few at the working DOD level who do better security—unless the systems are unplugged. I then spent the next 26 years as an MCT and CompTIA instructor.
The problem with unplugged (meaning non-routed communications cut off from Internet TCP/IP processing) is the need so many have—even government—to connect to third-party customers, clients, data sources and even the public citizen.
The government has separately routed systems that use TCP/IP but are not connected to the public Internet for classified communications/processing. But I have seen people put a SIPRNet connection on a server plugged into the public network. Only a government worker (or contractor at a gov facility) can do this level of FUBAR.
“As long as one is using the Internet, stolen credentials will ALWAYS be an issue, no matter who manages security.”
I worked for a major global corporation, consulting for/with them. Everything internal was behind a firewall on their own systems inside what is called an Intranet - use of everything that can be done “Internet” style, but dedicated on a closed corporate system.
Outside access to the “world wide web” was restricted first based on a user's security and then the user had to log out of their Intranet and go through their corporate VPN to use a restricted dedicated “outside-the-company” access using communications lines walled off from everything inside the company. The latter method was constantly being tested by their global cyber security experts to detect holes in the “outside” connectability that could let intruders come in via that route. Our government agencies can all do the same thing; they most often need a secure Intranet more than the “world wide web”, and with a firewall between the two they can monitor and prevent “back door” cyber access. In some situations more than one agency (like the DOJ and its FPI dept, or Treasury and IRS) could share an Intranet system.
That was my point, as this is exactly what the big cloud vendors are doing, but on a massive scale.
Not just a few, or even a dozen global security experts, but thousands. No other single company has more of these experts than Microsoft--as much as people hate them, their real specialty is business services.
But do understand how packets work. They still hit the firewall, and can be wrapped in http/https/smtp and other normally allowed protocols. The point of compromise is those allowed packets. They can then be used to authenticate a compromised account or simply inject code or stop normal service.
There is no foolproof firewall on the Internet. The only way to completely protect is to unplug it.
And don't trust big government. More than half of the attacks going on at any moment are being committed by big governments.
“That was my point, as this is exactly what the big cloud vendors are doing, but on a massive scale.”
I don’t trust them and I want govt to host its own systems and to fire folks when they fail to keep it secure.
“But do understand how packets work. They still hit the firewall, and can be wrapped in http/https/smtp and other normally allowed protocols. “
We understood that, and no packets passed across the Internet-Intranet barriers without being “unwrapped” and deconstructed, with contents inspected in multiple ways.
“There is no foolproof firewall on the Internet. The only way to completely protect is to unplug it.”
Yes. And that is why they ran totally separate VPN comm lines, globally, for the Intranet and Internet access, and the “bridge” between them, anywhere in the company, comprised 90% of the cyber security effort. Also, having the Intranet and restricted Internet access minimized that traffic as well.
Good. Again, these are services and practices that are always applied to you by the cloud vendor.
We’re not really disagreeing on the actual way the stuff works, just who has the most resources to provide it.
The Air Force doesn’t make its own airplanes, those are contracted out to vendors. Same with all manner of government data and communications systems.
For getting your critical and sensitive communications OFF the internet, you can also use ExpressRoute with Azure.
ExpressRoute enables you to extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. This connection is private. Traffic doesn’t go over the internet. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Microsoft 365, and Dynamics 365.
This is NOT a routed (using TCP/IP) connection. It relies on a third party—through a commercial communications provider—usually fiber from a business’s demarcation point to Microsoft’s physical internal network.
https://learn.microsoft.com/en-us/azure/expressroute/expressroute-introduction
We don't even fire--or punish--high-ranking FBI government employees when they deliberately lie on a FISA court warrant, commit provable election fraud, or lie about gain-of-function experiments and duplicity with Enemy China that killed millions of people globally...
Do not trust the government, and less so than even a woke company.
“The Air Force doesn’t make its own airplanes, those are contracted out to vendors. Same with all manner of government data and communications systems.”
We always divide the ideas of buying things we can use from “services”, and our philosophy on services is: especially if you are the government, you can buy the equipment you need AND you can HIRE the talent to run the equipment, and that combination allows you to control and secure the security of that equipment yourself.
The idea that the “cloud” is inherently bigger and therefore can afford and perform services “better” than the U.S. government misunderstands (1) how massive the federal government is and (2) once you reach a certain internal scale of things, “outside” is not more affordable than inside.
Having been part of that massive federal government, I can say... Not so. I do not misunderstand them, but rather understand them too well.
The scales have fallen off my eyes. I still love my country, but not the bureaucrats and politicians currently running its government.
It's been a real hard pill to swallow, given how much of my life I dedicated to it.
Let's agree to disagree.
...and then there are those Sandy Berger types.
A short time ago, Bill Gates was in China. Now we are learning the Microsoft Cloud has been compromised. Does anyone else not believe in coincidences?
Anyone thinking cloud based data is safe has their head in a cloud.