A review of the June 2023 attack on Microsoft's Exchange Online hosted email service – in which accounts used by senior US officials were compromised by a China-linked group called "Storm-0558" – has found that the incident would have been preventable except for Microsoft's lax infosec culture and cloud security measures that fall short of them.
Microsoft Exchange Server vulnerabilities #shorts
The review, conducted by the US government's Cybersecurity and Infrastructure Security Agency's Cyber Safety Review Board (CSRB), calls for "rapid cultural change" at Microsoft. Among the board's recommendations:
The strong language was offered in light of the attack, which it attributed to a "cascade of Microsoft's avoidable errors."
The CSRB report [PDF] pins the attack on key rotation methods used to secure the Microsoft Services Account (MSA) — the identity management system that underpins the software giant's consumer cloud services.