{"id":1486,"date":"2023-07-14T18:03:07","date_gmt":"2023-07-14T18:03:07","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=75552"},"modified":"2023-07-14T18:03:07","modified_gmt":"2023-07-14T18:03:07","slug":"chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/07\/14\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures\/","title":{"rendered":"Chinese hacking operation puts Microsoft in the crosshairs over security failures"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Chinese hacking operation puts Microsoft in the crosshairs over security failures | CyberScoop<\/title> <meta name=\"description\" content=\"Security deficiencies and business practices have researchers and officials furious at Microsoft for enabling an espionage operation.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-china-hacking-state\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Chinese hacking operation puts Microsoft in the crosshairs over security failures\"> <meta property=\"og:description\" content=\"Security deficiencies and business practices have researchers and officials furious at Microsoft for enabling an espionage operation.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-china-hacking-state\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-07-14T18:03:07+00:00\"> <meta property=\"og:image\" 
ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.525240384615\">\n<div class=\"single-article__header-content\" readability=\"30.096296296296\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/geopolitics\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> Security deficiencies and business practices have researchers and officials furious at Microsoft for enabling an espionage operation. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures-1.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures-1.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures-1.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures-1.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures-1.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures-1.jpg?resize=1013,675 1013w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/chinese-hacking-operation-puts-microsoft-in-the-crosshairs-over-security-failures-1.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> The Microsoft logo is illuminated on a wall during a Microsoft launch event on May 2, 2017 in New York City. (Photo by Drew Angerer\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"73.399164380145\"><body readability=\"149.6052027544\"><\/p>\n<p>Revelations that hackers in China used a Microsoft security flaw to execute a highly targeted, sophisticated operation targeting some two dozen entities, including the U.S. commerce secretary, have officials and researchers alike exasperated that the company\u2019s products have once again been used to pull off an intelligence coup.&nbsp;<\/p>\n<p>What\u2019s worse, U.S. cybersecurity workers only discovered the operation this week thanks to a premium Microsoft logging service that costs customers extra and without which the attack likely could not be detected.<\/p>\n<p>As the Biden administration&nbsp;pushes&nbsp;a so-called \u201csecure by default\u201d approach to cybersecurity as a part of the&nbsp;<a href=\"https:\/\/cyberscoop.com\/national-cybersecurity-strategy-implementation-plan\/\" target=\"_blank\" rel=\"noreferrer noopener\">White House National Cybersecurity Strategy<\/a>, the fact that Microsoft up-charges customers for security features \u2014 even to&nbsp;discover its own flaws&nbsp;\u2014 has some officials questioning the reliance on huge&nbsp;tech&nbsp;firms&nbsp;that play a central role in Washington\u2019s broader computer security initiatives.<\/p>\n<p>\u201cOffering insecure products and then charging people premium features necessary to not get hacked is like selling a car and then charging extra for seatbelts and airbags,\u201d Sen. 
Ron Wyden, D-Ore., said in a statement.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Over the course of a month \u2014 between May 15 and June 16 \u2014 Chinese hackers succeeded in penetrating the email inbox of Commerce Secretary Gina Raimondo and employees at the U.S. State Department just as Secretary of State Tony Blinken prepared for a critical trip to China.<\/p>\n<p>It is unclear what the operation, which security officials describe as remarkably stealthy, netted the hackers, but two White House officials <a href=\"https:\/\/edition.cnn.com\/2023\/07\/13\/politics\/biden-china-hack-emails-blinken\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">told CNN<\/a> that they believe the breach offered Beijing insights about Blinken\u2019s June visit to China. And while it is also unclear what the hackers obtained from Raimondo\u2019s inbox, the commerce secretary has helped craft highly restrictive U.S. export controls cutting China off from advanced semiconductors. Raimondo <a href=\"https:\/\/www.cnbc.com\/2023\/04\/07\/commerce-officials-heading-to-china-to-lay-groundwork-for-possible-raimondo-trip-later-this-year-sources-say.html\" target=\"_blank\" rel=\"noreferrer noopener\">is expected<\/a> to soon travel to China.&nbsp;<\/p>\n<p>To pull off the operation, the hackers appear to have obtained a cryptographic signing key used to create user tokens \u2014 the ephemeral digital access codes that allow users to come and go to a computing service in the cloud. How the hackers obtained that key represents a major mystery and a major security failure by the company. 
<\/p>\n<p>In a technical <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/07\/14\/analysis-of-storm-0558-techniques-for-unauthorized-email-access\/\" target=\"_blank\" rel=\"noreferrer noopener\">blog post published Friday<\/a>, Microsoft said that \u201cthe method by which the actor acquired the key is a matter of ongoing investigation\u201d and that the company has \u201chardened key issuance systems since\u201d the stolen key was issued. \u201cOur active investigation indicates these hardening and isolation improvements disrupt the mechanisms we believe the actor could have used to acquire [Microsoft account (MSA) consumer] signing keys,\u201d the blog post notes. <\/p>\n<p>But the fact that such a key could be used at all to create fraudulent identities to access the email systems of senior U.S. officials has security researchers scratching their heads over how Microsoft could build such an insecure system.&nbsp;Russian hackers used a similar vulnerability in a Microsoft system to penetrate thousands of systems as part of the SolarWinds hacking campaign.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The Russian campaign exploiting SolarWinds \u2014 known also as \u201c<a href=\"https:\/\/www.atlanticcouncil.org\/in-depth-research-reports\/report\/broken-trust-lessons-from-sunburst\/\" target=\"_blank\" rel=\"noreferrer noopener\">Sunburst<\/a>\u201d \u2014 exploited an attack vector known as \u201c<a href=\"https:\/\/www.cyberark.com\/resources\/threat-research-blog\/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps\" target=\"_blank\" rel=\"noreferrer noopener\">Golden SAML<\/a>\u201d to create forged authentication objects, and while many of the technical details of the Chinese attack remain unclear, researchers are outraged that Microsoft systems would again be exploited in an attack relying on a method of forged 
authentication tools.&nbsp;<\/p>\n<p>\u201cIf they haven\u2019t torn all of that infrastructure down and made sure it\u2019s built as tightly as possible after Sunburst then maybe they just really don\u2019t care at all,\u201d said Trey Herr, who directs the Atlantic Council\u2019s Cyber Statecraft Initiative. \u201cThey\u2019re selling products that are built on a critical service \u2014 it can\u2019t be spaghetti code or rely on crazy assumptions poorly communicated to the customer.\u201d<\/p>\n<p>To be sure, security experts caution that stopping cyber operations by skilled, well-resourced hackers remains immensely difficult. When a nation-state is willing to dedicate time and resources to penetrating a computer system, defending against it is a staggering challenge.&nbsp;But the combination of a stealthy attack that could only be detected using a more expensive Microsoft product created a major headache for groups told they had been targeted by the operation.&nbsp;<\/p>\n<p>After Microsoft informed a human rights group that they had been affected by the breach, the group turned to the cybersecurity firm Volexity, but Steven Adair, the company\u2019s president, and his colleagues couldn\u2019t find evidence of a breach. That\u2019s because the organization in question had a less expensive E3 license level. Detecting the attack required upgrading to a more expensive E5 or G5 plan \u2014 something most civil society groups can\u2019t afford.&nbsp;<\/p>\n<p>\u201cWhat if they hadn\u2019t hit anybody with a G5 license?\u201d Adair wondered aloud in an interview with CyberScoop. 
\u201cWhen, if ever, would it have been noticed?\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>That approach to security has many in the cybersecurity community deeply frustrated with Microsoft, whose products are growing increasingly ubiquitous.<\/p>\n<p>\u201cMicrosoft is running a Black Friday sale,\u201d said Juan Andres Guerrero-Saade, the senior director of SentinelLabs, the research division of the cybersecurity firm SentinelOne. \u201cThey\u2019re lowering the security bar for everyone so that \u2018standard\u2019 can be sold as \u2018premium\u2019 and everyone that can\u2019t afford it is on their own.\u201d<\/p>\n<p>The failure of a cloud-based service to stop a sophisticated attack <a href=\"https:\/\/cyberscoop.com\/bide-cybersecurity-strategy-implementation\/\" target=\"_blank\" rel=\"noreferrer noopener\">presents a challenge<\/a> to the <a href=\"https:\/\/cyberscoop.com\/biden-national-cybersecurity-strategy-2023\/\" target=\"_blank\" rel=\"noreferrer noopener\">Biden administration\u2019s cybersecurity strategy<\/a>, which notes that \u201ccloud-based services enable better and more economical cybersecurity practices at scale.\u201d<\/p>\n<p>The transition to cloud-based services is supposed to deliver security benefits for the government \u2014 while providing lucrative contracts to the tech sector \u2014 but if operations such as the one disclosed this week can still be carried out against a firm like Microsoft, it is unclear whether the transition to cloud will deliver the expected security benefits.&nbsp;<\/p>\n<p>Indeed, Microsoft\u2019s failure to provide by default the necessary logging to detect the attack has resulted in rare criticism from officials at the National Security Council and the Cybersecurity and Infrastructure Security Agency, two entities that work closely with the company on a range of security issues.<\/p>\n<div 
class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cEvery organization using a technology service like Microsoft 365 should have access to logging and other security data out of the box,\u201d a senior CISA official told reporters this week, adding that the failure to provide robust security features by default \u201cis not yielding the sort of security outcomes that we seek.\u201d<\/p>\n<p>In a statement about the operation, U.S. National Security Council Spokesperson Adam Hodge noted that \u201cwe continue to hold the procurement providers of the U.S. Government to a high security threshold.\u201d<\/p>\n<p>Under pressure from the government, Microsoft may be shifting its approach on which logging features are available under lower-tier licenses. A Microsoft spokesperson told CyberScoop that the company has \u201chistorically provided security logs to customers\u201d with options on how they are stored. The company is \u201cevaluating feedback,\u201d remains \u201copen to other models\u201d and is \u201cactively engaged with CISA and other agencies on this.\u201d<\/p>\n<p>Shortly before details of the operation were made public late Tuesday, Microsoft\u2019s head of federal business, Rick Wagner, stepped down from his role. Details of his replacement, and who takes over his responsibilities in the interim, have yet to be announced.<\/p>\n<p><em>Madison Alder<\/em> <em>and John Hewitt Jones contributed reporting to this article. 
<\/em><\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> 
<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-china-hacking-state\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chinese hacking operation puts Microsoft in the crosshairs over security<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[622,271,623,440,293,624,302,281,625,439,270,626,318,288],"tags":[627,277,628,444,299,629,306,285,630,443,276,631,319,294],"class_list":["post-1486","post","type-post","status-publish","format-standard","hentry","category-biden-administration","category-china","category-commerce-department","category-data-breaches","category-department-of-homeland-security-dhs","category-espionage","category-geopolitics","category-hacking","category-microsoft","category-policy","category-russia","category-solarwinds","category-state-department","category-threats","tag-biden-administration","tag-china","tag-commerce-department","tag-data-breaches","tag-department-of-homeland-security-dhs","tag-espionage","tag-geopolitics","tag-hacking","tag-microsoft","tag-policy","tag-russia","tag-solarwinds","tag-state-department","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/biden-administration\/\" rel=\"category tag\">Biden administration<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/commerce-department\/\" rel=\"category tag\">Commerce Department<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/data-breaches\/\" rel=\"category tag\">data breaches<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-homeland-security-dhs\/\" rel=\"category tag\">Department of Homeland Security (DHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/espionage\/\" rel=\"category tag\">espionage<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hacking\/\" rel=\"category tag\">hacking<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/solarwinds\/\" rel=\"category tag\">SolarWinds<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/state-department\/\" rel=\"category tag\">State Department<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category 
tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1486"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1486\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}