A Microsoft cloud breach that resulted in China state-backed hackers breaking into U.S. government emails has led the Cyber Security Review Board to launch an investigation.
The Cyber Security Review Board (CSRB) announced on Friday that its investigation will look into cloud-based identity and authentication infrastructure, which will lead to a wider review of all potential and current problems.
The investigation was launched after China state-backed hackers infiltrated U.S. government officials' email accounts, gaining access to the inboxes of U.S. Commerce Secretary Gina Raimondo, several other officials at the U.S. State Department, and officials at a few different government agencies.
Information regarding this story is slowly coming out, but what we do know is that the vulnerability can be traced back to hackers stealing a sensitive signing key that enabled unauthorized access to both enterprise and government email accounts hosted by Microsoft. The key, combined with a security flaw within Microsoft's infrastructure that has since been fixed, enabled the hackers to forge authentication tokens that gave them access to the email inboxes.
The security breach happened in mid-May, but officials only detected the vulnerability in June. Why did it take a month? State Department officials used a higher-tier paid account, which lets users check the logs that Microsoft keeps on file. Other government departments don't use this higher-tier paid account, and if they had been given access, the vulnerability would likely have been spotted much sooner.
In response to this vulnerability, Microsoft has said it will make logs available for all customers beginning sometime in September.