
Hacking of Government Email Was Traditional Espionage, Official Says

Government email hack attributed to traditional espionage, says official.

Image Source: Microsoft sign at the headquarters for the cloud computer and software company, with office building in the background and space for text (Shutterstock @ VDB Photos)

Well, folks, we’ve got a serious situation on our hands in the world of cloud computing. For the second time in two years, malicious hackers have struck, taking advantage of a flaw in a cloud provider’s identity service. It’s a real intelligence coup that has caught the attention of the nation.

Let’s go back to 2021 when Russian hackers pulled off a sneaky operation, starting with a supply chain attack on SolarWinds. They then used flawed Microsoft identity systems to infiltrate hundreds of victim organizations. Fast forward to last week, and we’ve got hackers based in China getting in on the action, exploiting yet another flawed identity service to gain access to email inboxes, including those of high-ranking officials like the U.S. Secretary of Commerce and State Department officials.

Identity is the name of the game when it comes to determining who can access what in the digital workspace. Cloud providers rely on various services to store and validate these identities. And as more users move to the cloud, companies are making identity a frontline defense against adversaries.

But hold on a minute – if we’re promoting cloud infrastructure as the answer to all our security woes, we better make sure those identity services are rock-solid. It’s like leaving your keys on the kitchen table – they’re bound to get swiped! We need to hold cloud providers accountable and make sure they get things right when it comes to security.

There are some burning questions that need answers, my friends. How did the attackers get their hands on that Microsoft account consumer signing key? Was it from a consumer or enterprise resource, a customer system, or even the first-party Microsoft corporate network? Knowing this will help us understand the extent of Microsoft’s responsibility for this breach.

We also need to know if the attackers used the same key in multiple customer environments. It’s like lending out a master key to everyone in the building – that’s just asking for trouble. And if Microsoft failed to maintain the separation between customers, we’ve got a serious flaw in the multi-tenant model that could have dire economic implications.

Now, let’s talk about Office 365 Government and Office 365 Commercial. Supposedly, they’re separate clouds, “logically segregated” to keep government and private sector data apart. But did the attackers use the same key to compromise both of them? If so, we’ve got a breach of trust in the logical isolation that these clouds are supposed to provide.

These design flaws in Microsoft’s cloud services are like missing support beams in a building – they can cause the whole structure to collapse with just the right wind. We need to focus on holding companies accountable for the choices they make in designing their infrastructure, not just the security outcomes of their products.

If we want to protect our cloud infrastructure and prevent future attacks, it’s time for the White House, the cybersecurity community, and policymakers to step up and take action. We can’t afford to leave our keys lying around, my friends. Let’s get to work and secure our cloud systems before it’s too late!
