Image: Salvatore De Lellis via Pexels

Microsoft Exchange hack is focus of cyber board’s next review

The China-linked attack on Microsoft email services will get a full review by the U.S. government’s special board for examining major cybersecurity incidents, the Department of Homeland Security said Friday.

The Cyber Safety Review Board will focus its attention on “the malicious targeting of cloud computing environments,” according to DHS, including the recent intrusion into Microsoft Exchange Online by China-based hackers.

The effort will include “a broader review of issues relating to cloud-based identity and authentication infrastructure,” DHS said.

“We must as a country acknowledge the increasing criticality of cloud infrastructure in our daily lives and identify the best ways to secure that infrastructure and the many businesses and consumers that rely on it,” said the CSRB’s chair, DHS Undersecretary for Policy Rob Silvers.

Reported targets of the Microsoft incident included senior U.S. officials like Commerce Secretary Gina Raimondo and the ambassador to China.

Read more: NSA chief: Chinese cyber spies continue to improve — but haven't surpassed US

The CSRB already made news this week with a report about lessons learned from the fight against the Lapsus$ cybercrime gang. Its inaugural report covered the Log4j bug.

The Microsoft incident stirred up an aggressive response from policymakers and cybersecurity experts. Lawmakers have called for the Department of Justice to investigate the case, and analysts noted the highly skilled nature of the operation. The attackers infiltrated accounts through forged authentication tokens, which are used to validate the identity of entities requesting access to cloud resources.

Afterward the company and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) said they were working together to expand access to cloud logging tools that could help organizations spot those kinds of attacks. Microsoft also said it made changes to the token validation system.

The review board is a public-private collaboration and has no regulatory powers, but so far its reports have received broad attention across government and industry.

“The Board’s findings and recommendations from this assessment will advance cybersecurity practices across cloud environments and ensure that we can collectively maintain trust in these critical systems,” CISA Director Jen Easterly said.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Joe Warminsky

Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.