At a glance.
- New targets of Chinese cyberespionage are uncovered.
- Monti ransomware is back.
- Evasive phishing campaign exposed.
- Realtors' network taken down by cyberattack.
- A closer look at NoName057(16).
- Perspective on cyberwar: Pearl Harbor it's not.
- Scammers target kids playing Fortnite, Roblox.
New targets of Chinese cyberespionage uncovered.
The Washington Post reported yesterday on the compromise of the Microsoft Cloud (currently under investigation by the US Intelligence Community, as well as by the Cyber Safety Review Board). At least one member of Congress, Representative Don Bacon (Republican, Nebraska 2nd District), a strong supporter of Taiwan who serves on the House Armed Services Committee, said Monday that the FBI had informed him that his email had been compromised in the incident.
The espionage itself is remarkable for its successful execution, not for its novelty--intelligence services collect like this whenever they can. The US Government's exposure to the attack, however, was remarkable. As the Post notes, "It was unclear how the government could have prevented it while relying exclusively on Microsoft for cloud, email and authentication services." The risks of the alleged security monoculture will doubtless figure in the Cyber Safety Review Board's inquiry.
Microsoft's own assessment of the incident has concluded that the threat group, Storm-0558, was forging Azure Active Directory tokens using an acquired Microsoft account (MSA) consumer signing key. "This was made possible," Microsoft wrote yesterday, "by a validation error in Microsoft code." Storm-0558 is an espionage operation. Its targets include "US and European diplomatic, economic, and legislative governing bodies, and individuals connected to Taiwan and Uyghur geopolitical interests." The group's post-compromise activity concentrated on accessing and extracting emails from the targets' accounts. Microsoft has mitigated this particular risk, and says no customer action is required.
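The failure mode Microsoft describes, a signing key issued for one population of accounts being accepted as valid for another, is a key-scoping error in token validation. The following is an added illustration, not Microsoft's code and not a reconstruction of the actual defect: a minimal JWS-style token verifier with a deliberately weak variant that trusts any key in a shared keyset beside a hardened variant that also requires the key to be scoped to the issuer the service expects. Keys, issuer URLs, audience and claims are constructed for the demo, and HMAC stands in for the asymmetric keys a real identity provider would publish.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo keyset: each key records the issuer whose tokens it is allowed to sign.
# Real providers publish asymmetric keys per issuer; HMAC keeps this example self-contained.
KEYS = {
    "consumer-key-1": {"secret": b"consumer-demo-secret", "issuer": "https://login.consumer.example"},
    "enterprise-key-1": {"secret": b"enterprise-demo-secret", "issuer": "https://login.enterprise.example"},
}

ENTERPRISE_ISSUER = "https://login.enterprise.example"
MAIL_AUDIENCE = "mail-api"  # hypothetical resource the token is meant for


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(kid: str, claims: dict) -> str:
    """Sign claims with the named key in JWS compact form: header.payload.signature."""
    header = {"alg": "HS256", "kid": kid}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(KEYS[kid]["secret"], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def _parse(token: str):
    """Split a compact token into header, claims, the signed input and the raw signature."""
    h, p, s = token.split(".")
    return json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p)), f"{h}.{p}", _b64url_decode(s)


def _signature_ok(key: dict, signing_input: str, sig: bytes) -> bool:
    expected = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def verify_weak(token: str, expected_issuer: str, expected_audience: str) -> bool:
    """Defective verifier: any key found in the shared keyset is trusted, whatever issuer it is scoped to.

    The iss/aud claims are checked, but they are attacker-controlled text inside the payload, so a
    key scoped to a different issuer can still vouch for them."""
    try:
        header, claims, signing_input, sig = _parse(token)
    except ValueError:
        return False
    key = KEYS.get(header.get("kid"))
    if key is None or not _signature_ok(key, signing_input, sig):
        return False
    return claims.get("iss") == expected_issuer and claims.get("aud") == expected_audience


def verify_strict(token: str, expected_issuer: str, expected_audience: str) -> bool:
    """Hardened verifier: the key must be scoped to the expected issuer before its signature counts."""
    try:
        header, claims, signing_input, sig = _parse(token)
    except ValueError:
        return False
    key = KEYS.get(header.get("kid"))
    if key is None or key["issuer"] != expected_issuer:
        return False  # key belongs to another issuer's keyset: reject before checking the signature
    if not _signature_ok(key, signing_input, sig):
        return False
    return claims.get("iss") == expected_issuer and claims.get("aud") == expected_audience


def demo() -> dict:
    """Compare both verifiers on a legitimate token and on one whose claims name the enterprise
    issuer but which is signed with the consumer-scoped key."""
    claims = {"iss": ENTERPRISE_ISSUER, "aud": MAIL_AUDIENCE, "sub": "user@enterprise.example"}
    legitimate = mint_token("enterprise-key-1", claims)
    cross_scope = mint_token("consumer-key-1", claims)
    return {
        "weak_accepts_legitimate": verify_weak(legitimate, ENTERPRISE_ISSUER, MAIL_AUDIENCE),
        "weak_accepts_cross_scope": verify_weak(cross_scope, ENTERPRISE_ISSUER, MAIL_AUDIENCE),
        "strict_accepts_legitimate": verify_strict(legitimate, ENTERPRISE_ISSUER, MAIL_AUDIENCE),
        "strict_accepts_cross_scope": verify_strict(cross_scope, ENTERPRISE_ISSUER, MAIL_AUDIENCE),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point for anyone operating a relying party is that signature validity and claim matching are not enough: the verifier must also establish that the key it used is the one the expected issuer is entitled to sign with, and a detection rule that flags tokens whose `kid` maps to a key outside the issuer's published set catches the same confusion after the fact.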