US Cybersecurity Board Digs Deep into Recent China-Linked Microsoft Cloud Breach

In response to the recent intrusion of US government email systems hosted by Microsoft, the Cyber Security Review Board (CSRB) has announced its intention to launch a comprehensive investigation. The incident, which involved China-backed hackers infiltrating government email accounts, has raised concerns about the security of cloud-based identity and authentication infrastructure.

The CSRB's latest inquiry comes after widespread criticism of Microsoft's handling of the breach, which drew the ire of federal lawmakers and the broader security community. The review will encompass a broader examination of issues related to cloud-based identity and authentication infrastructure, aiming to understand vulnerabilities and provide actionable cybersecurity recommendations for all stakeholders.

The breach, which began in mid-May, remained undetected until a month later when State Department officials uncovered the breach and alerted Microsoft. Notably, the breach was first revealed due to the State Department's access to higher-tier accounts, a feature not accessible to other departments with lower-tier accounts. Following the incident, Microsoft pledged to provide logs to customers at no additional cost, starting in September.

Senator Ron Wyden, a Democratic member of the Senate Intelligence Committee, criticized Microsoft's cybersecurity practices, alleging they facilitated Chinese hackers' espionage activities. Wyden also called on the CSRB to investigate the matter.

Homeland Security Secretary Alejandro Mayorkas emphasized the importance of understanding cloud technology vulnerabilities, given its critical role in various sectors, from e-commerce platforms to communication tools and critical infrastructure. He welcomed actionable recommendations from the CSRB to enhance data security and cyber resilience across organizations.

This marks the CSRB's third investigation since its establishment by President Biden through an executive order in 2021. Comprising representatives from both government and private sector cybersecurity experts, the board aims to dissect major cybersecurity events and offer recommendations to prevent future incidents.

The CSRB's previous investigations covered significant cybersecurity events, including the fallout from the Log4j vulnerability in 2020 and the activities of the Lapsus$ hacking group, known for breaching Fortune 500 companies using techniques such as SIM swapping and social engineering.

As cloud computing continues to underpin critical systems across sectors, the CSRB's inquiry into the recent Microsoft breach aims to provide insights that will bolster defenses against future threats. The investigation's findings will be shared with the Cybersecurity and Infrastructure Security Agency (CISA) and the current US administration for further action to safeguard government systems and accounts.