Microsoft slammed over security flaws that led to Chinese attack on Exchange systems

Corporate culture to blame for Microsoft Exchange Online breach
In the summer of 2023, Microsoft Exchange Online was hit in a series of intrusions by an actor backed by the People’s Republic of China (PRC) and tracked as Storm-0558, which gained access to the mailboxes of 22 organizations.
The mailboxes were used by over 500 people, and those compromised included a number of US government representatives, among them Commerce Secretary Gina Raimondo, US Ambassador to the PRC R. Nicholas Burns, and Congressman Don Bacon.
Microsoft Exchange Online uses signing keys to securely authenticate access to remote systems, and Storm-0558 managed to obtain a legitimate signing key which, when used in conjunction with another Exchange Online vulnerability, could have allowed them to access any account in the world.
Cloud security “has never been more important”
The attack has since been found to have been preventable, according to a report by the Department of Homeland Security (DHS) and the Cyber Safety Review Board (CSRB), which states that decisions were made that point to “a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.”
