Cloud applications – hacker attack on Microsoft was serious

2023-09-08 10:03:02

As of: September 8, 2023, 12:03 p.m.

In July, hackers gained access to the Outlook email accounts of 25 organizations. Microsoft has now admitted that the hackers, who are said to come from China, had apparently obtained far-reaching access to the Microsoft cloud as early as 2021.

On Wednesday, Microsoft published important new findings in a blog post about the attack by the so-called “Storm-0558” group, which is said to be behind a Chinese state espionage operation. In recent weeks, IT security experts have been pushing for a complete explanation.

According to Microsoft’s earlier account, starting on May 15, 2023, the attackers used forged authentication tokens to access the emails of approximately 25 organizations, including government agencies and associated customer accounts in the public cloud, until the attack was discovered on June 16, 2023.

Experts and staff of the security authorities have speculated in recent months about how this could have happened. The investigation results now published by the US company suggest that the crash of a consumer signing system in April 2021 led to a signing key being exposed. The “Storm-0558” hackers apparently got hold of this key, which gave them far-reaching access within the Microsoft cloud, according to Microsoft’s current statement.
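The technical core of the incident is that whoever holds a signing key can mint tokens whose signatures verify, so a relying party must check more than the signature. The following added example (not from the article, Microsoft or any named company; all key names, secrets, issuers and audiences are constructed placeholders) shows a token verifier that binds each signing key to the issuer it belongs to, checks audience and expiry, and refuses tokens under a key that has been revoked after a leak.

```python
import base64, hashlib, hmac, json, time

# Constructed key registry: every signing key is bound to the one issuer it may sign for.
# Secrets and issuer names are placeholders, not real material.
KEYS = {
    "consumer-key-2021": {"issuer": "https://login.consumer.example", "secret": b"consumer-secret"},
    "enterprise-key-2023": {"issuer": "https://login.enterprise.example", "secret": b"enterprise-secret"},
}
REVOKED = set()  # kids of keys known to be leaked; tokens under them are refused

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign(kid: str, claims: dict) -> str:
    """Mint a compact HS256 token (header.payload.signature) with the named key."""
    header = b64(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = b64(json.dumps(claims).encode())
    mac = hmac.new(KEYS[kid]["secret"], f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64(mac)}"

def revoke(kid: str) -> None:
    """Mark a key as compromised; anything it signed is rejected from now on."""
    REVOKED.add(kid)

def verify(token: str, expected_iss: str, expected_aud: str, now=None) -> tuple:
    """Return (accepted, reason). A valid signature alone is never sufficient."""
    now = time.time() if now is None else now
    try:
        h, b, s = token.split(".")
        header, claims = json.loads(unb64(h)), json.loads(unb64(b))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return False, "malformed"
    kid = header.get("kid")
    key = KEYS.get(kid)
    if key is None:
        return False, "unknown kid"
    if kid in REVOKED:
        return False, "revoked kid"
    # Key/issuer binding: a key from one identity system must not validate tokens
    # that claim to come from another, even if the signature itself checks out.
    if key["issuer"] != expected_iss or claims.get("iss") != expected_iss:
        return False, "key/issuer mismatch"
    mac = hmac.new(key["secret"], f"{h}.{b}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, unb64(s)):
        return False, "bad signature"
    if claims.get("aud") != expected_aud:
        return False, "wrong audience"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    return True, "ok"
```

With this binding in place, a token minted with the consumer key but claiming the enterprise issuer is rejected before its signature is even examined, and revoking a leaked key invalidates everything signed with it.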

According to SWR research, the attack raises fundamental questions about the security of Microsoft’s cloud solution, which had already drawn massive criticism from data protection experts in the past. The current incident at Microsoft could now also have consequences for the digitalization of public authorities and for the federal government’s cybersecurity strategy agreed in the coalition agreement.

Access to most Microsoft cloud applications

David Elze, head of “Code White”, is an IT security specialist with more than 15 years of experience who leads a team of professional hackers. As a computer security service provider, “Code White” shows companies how vulnerable they are to real attacks from cyberspace.

In an interview with SWR, Elze said that the Chinese state hacker group “Storm-0558” was able to gain unnoticed access to a secret Microsoft master key: “This master key is one of the most important secrets for Microsoft’s Azure cloud, as it can be used to gain access to most of Microsoft’s cloud applications.”

What makes it worse is that the holder of the key can impersonate any user. “This means that the hackers had full access to email (Exchange, Outlook), files (OneDrive, SharePoint) and collaboration (Teams, Skype) as well as many other applications,” says Elze. “We know that a double-digit number of accounts close to the government were actively hacked as a result. Nobody knows whether there were more.”

Nobody knows whether the attackers gained much more access and what permanent backdoors they were able to set up with the access rights they captured, said Elze.

Elze believes that ordinary users with a Microsoft cloud account are unlikely to have suffered direct damage. Besides large companies, state hackers focus on members of government, dissidents and journalists. To protect them, trusting Microsoft and its security processes alone is not enough; “Code White” therefore recommends advanced measures such as true end-to-end encryption.

“Irresponsible” behavior by Microsoft

The attack revealed serious security gaps in the cloud architecture, according to Sandro Gaycken, cyber warfare expert and founder of “Monarch”, a private military intelligence service.

“Everything that a Microsoft sign-in offers was accessible to attackers for weeks, in every Microsoft product, a highly serious incident,” says Gaycken in an interview with SWR. He sharply criticized the US company: “Microsoft downplayed the event significantly because trust in their cloud infrastructure was of course at risk.” From Gaycken’s point of view, the company’s behavior was irresponsible. “Microsoft should be warned for its poor and hesitant information policy,” he demands.

Like many other IT security experts, Tim Schughart, founder and head of the IT security company “ProSec”, told SWR that he expects maximum transparency from Microsoft in order to regain trust. With the latest technical publication, the US company has taken a step towards meeting the pressure from the industry and the pressing questions; this was probably also at the urging of the organizations concerned. “Microsoft can be credited for its late but sensible transparency,” admits “Code White” boss Elze.

Closing security gaps

The attack on the company’s customers also prompted the Federal Office for Information Security (BSI) to act. A spokeswoman told SWR that the cybersecurity authority dealt intensively with the technical background and the necessary operational responses immediately after the attacks on Microsoft’s cloud infrastructure, known as “Storm-0558”, became known. “Possible consequences for the federal administration’s cloud projects are currently being examined and translated into sensible security measures.”

Manuel Höferlin, domestic policy spokesman for the FDP parliamentary group, told SWR: “The current incident at Microsoft shows that even the best encryption is useless if the attackers have the key. Microsoft must now clarify specifically how the attackers were able to get the key and why the ongoing attack was not noticed sooner.”

Höferlin is pushing for IT security gaps to be consistently closed in the planned laws protecting critical infrastructure, rather than being left open for surveillance purposes. “Unfortunately, this won’t happen overnight, because Germany’s cybersecurity was, as is well known, not a top priority for the previous government.”

Making EU institutions independent of Microsoft

The European Parliament is also dealing with the attack on Microsoft’s cloud security structure. The Parliament relies heavily on Microsoft products, both for the operating system of its official computers and for the storage of documents in Microsoft Teams and the use of SharePoint and Exchange for all parliamentary emails.

Pirate Party MEP Patrick Breyer told SWR that EU Parliament President Roberta Metsola must now urgently investigate whether China could have infiltrated the European Parliament. “We must gradually become independent of US corporations and switch to free, self-managed technology,” demands Breyer, a member of the Committee on Civil Liberties, Justice and Home Affairs (LIBE).
