US Government to Investigate Chinese Hack That Breached Exchange Online

The Cyber Safety Review Board (CSRB) has announced that it will investigate the recent compromise of Exchange Online used by the US government. The board also plans to conduct a review of the identity and authentication infrastructure used by cloud providers.

Last month, Microsoft confirmed that Chinese state-backed hackers (dubbed ‘Storm-0558’) breached the email accounts of 25 organizations. The threat actors stole a sensitive signing key that allowed unauthorized access to government and enterprise email accounts.

The China-based threat actor had been active since May 15, but a Federal Civilian Executive Branch (FCEB) agency detected the activity and notified Microsoft in mid-June. The security incident reportedly impacted US Commerce Secretary Gina Raimondo and other State and Commerce Department officials. In response to criticism, Microsoft announced that it would provide all customers free access to cloud security logs in September.

CSRB’s findings to help bolster cloud security

CSRB plans to explore how organizations and government agencies can improve cloud-based identity management and authentication. CISA director Jen Easterly said the findings would help to boost cyber security across cloud environments.

“Organizations of all kinds are increasingly reliant on cloud computing to deliver services to the American people, which makes it imperative that we understand the vulnerabilities of that technology,” said Secretary of Homeland Security Alejandro N. Mayorkas. “Cloud security is the backbone of some of our most critical systems, from our e-commerce platforms to our communication tools to our critical infrastructure.”

Two years ago, President Biden formed the Cyber Safety Review Board (CSRB) to review major cybersecurity incidents and make recommendations. The board first investigated the Log4j vulnerability that was discovered back in 2021. Last week, CSRB published a second report with findings about recent attacks by the Lapsus$ hacking group.