To help U.S. government agencies defend themselves against foreign state-sponsored adversaries, Microsoft is expanding free logging features in some products.
An announcement from the Cybersecurity and Infrastructure Security Agency (CISA) shows that all US federal agencies using Microsoft Pureview Audit will receive the upgrade, regardless of their license level.
The move is in response to a cyber attack against US government agencies that was discovered last summer.
Logs to the rescue
In July 2023, the US Department of State tipped Microsoft off to a cyber espionage campaign using counterfeit authentication tokens for Outlook Web Access in Exchange Online and Outlook.com.
Microsoft later attributed the attack to Storm-0558, reportedly a Chinese state-sponsored threat actor typically engaged in cyber espionage against Western organizations and governments. Storm-0558 gained access to more than twenty email accounts and obtained an unknown amount of sensitive information.
The US Department of State was able to discover the attack by analyzing unclassified Microsoft 365 audit logs, available in Microsoft Pureview Audit for Premium subscribers.
“Storm-0558 operates with a high degree of engineering prowess and operational security,” Microsoft explains. “The actors are acutely aware of the target’s environment, logging policies, authentication requirements, policies and procedures.”
China denied any wrongdoing and called the US “the world’s largest hacker empire and global cyber thief.” The Chinese added that it was “high time for the US to explain its cyberattack activities and stop spreading disinformation to divert public attention.”
Storm-0558 apparently used two malware, Bling and Cigril, with the latter described as a Trojan that could decrypt encrypted files and execute them directly from system memory on the target endpoint.
Through The HackerNews