In Response to Nation-State Threats, Microsoft Bolsters Cloud Platform Security

Reading Time: ( Word Count: )

July 20, 2023

Microsoft made a commitment on Wednesday to offer all customers complimentary access to cloud security logs, a feature typically available only to premium clients. This move follows closely with reports that emails hosted on government cloud servers were subject to a supposed hacking attempt from China.

In a 2023 blog post, Microsoft detailed plans to broaden access to this service to “enhance the inherent security” of its cloud platforms “in light of escalating and evolving cyber threats from nation states.”

Customers using the standard package of Microsoft Purview Audit will enjoy an extension of their default retention period from 90 to 180 days.

Although logs cannot directly forestall attacks, Microsoft emphasised their value in incident response and digital forensics, aiding in distinguishing between normal and suspicious user behaviour.

The decision, said Microsoft, is the outcome of intensive collaboration with commercial and government clients and the Cybersecurity and Infrastructure Security Agency (CISA). CISA has reportedly been calling for increased industry accountability on cybersecurity matters.

Also Read: “Navigating Cybersecurity: Google’s Pilot Program to Secure User Trust”

CISA director, Jen Easterly, labelled the move as “progress in the right direction.” In a blog post on the CISA website applauding the decision, Eric Goldstein, the organisation’s executive assistant director for cyber security, referred to the recent Microsoft Exchange Online breach.

 Microsoft Bolsters Cloud Platform Security

Goldstein explained that logging data helped the agency impacted by the breach to identify the intrusion on Microsoft’s cloud email services and enact damage control measures. He stated that charging for logging data “poses an obstacle to thorough visibility when investigating cybersecurity incidents.”

The attack, which Microsoft has identified as being espionage-centric and linked to a China-based threat group known as Storm-O558, was detected by the Federal Civilian Executive Branch (FCEB) agency. Among the confirmed victims are US Commerce Secretary Gina Raimondo and various other State and Commerce Department officials. The attackers reportedly had account access for about a month before detection on June 16, 2023.

Microsoft reported that the threat group was falsifying Azure Active Directory (AD) tokens using a hijacked Microsoft account (MSA) consumer signing key, made possible due to a flaw in Microsoft’s validation code. A misused key enabled Microsoft’s specialised team to monitor all access requests from the threat group.

On Friday, Microsoft confessed that it was still dark about how the hackers got hold of the signing key for account access and stated that the probe was “still underway.”

The company also disclosed its observation of Storm-0558 transitioning to different methods, suggesting the group’s ability to use signing keys has been hindered by cybersecurity defences. ®




Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Wi-Fi Security Key vs. Password: Unraveling the Difference

Wi-Fi Security Key vs. Password: Unraveling the Difference

In the digital age, where connectivity is king, securing our Wi-Fi networks is paramount. When it comes to ...
Instagram Security Code Not Working

Instagram Security Code Not Working

In the realm of social media, Instagram stands as one of the most popular platforms for sharing moments, ...
T-Mobile App Glitch Exposes User Data: Data Privacy Concerns Arise

T-Mobile App Glitch Exposes User Data: Data Privacy Concerns Arise

Today, T-Mobile users reported an alarming issue where they were able to view the account and billing details of ...
Best Anonymous Crypto Wallet

Best Anonymous Crypto Wallet

Many Bitcoin users value their anonymity. You must ensure that your personal information and digital assets are ...

Submit a Comment

Your email address will not be published. Required fields are marked *