Microsoft Enhances Cybersecurity for U.S. Federal Agencies with Complimentary Logging Services
In response to the escalating threat of sophisticated cyber-espionage campaigns, notably by actors linked to China, Microsoft has announced a significant upgrade for U.S. federal agencies utilizing Microsoft Purview Audit. This strategic shift includes the provision of complimentary logging services designed to bolster the cybersecurity framework of these vital institutions.
Following revelations of nearly half a year of relentless cyber espionage directed at around two dozen organizations, Microsoft has taken decisive action. The tech giant will now automatically activate logs within customer accounts while extending the default log retention period from 90 days to 180 days. This move, announced by the Cybersecurity and Infrastructure Security Agency (CISA), exemplifies a commitment to enhancing the online safety and resilience of U.S. governmental agencies.
Furthermore, this gesture of support from Microsoft is not just about extending log retention periods. The data acquired through these logs is poised to offer unprecedented telemetry, thereby enabling a broader spectrum of federal agencies to adhere to the stringent logging requirements delineated in Memorandum M-21-31 issued by the Office of Management and Budget. This represents a crucial step forward in fortifying the cybersecurity defenses of federal infrastructures against incursions.
The necessity for such measures was thrown into stark relief in July 2023 when Microsoft disclosed that Storm-0558, a cyberespionage group with ties to China, had infiltrated approximately 25 U.S. and European entities. This breach extended to a small number of individual consumer accounts, showcasing the sophistication and operational security prowess of the attackers. The actors demonstrated a deep awareness of their targets’ operational landscape, including specific logging policies and authentication requirements, which facilitated their unauthorized access.
The breach was initially detected through an unclassified audit log in Microsoft 365, revealing suspicious activities that were not reported to Microsoft until a month after the campaign’s inception in May 2023. It was later revealed that a U.S. government agency, identified as the State Department, flagged the anomalies. The detection underscored the critical role of enhanced logging capabilities in Microsoft Purview Audit, particularly through the MailItemsAccessed mailbox-auditing action available to Premium subscribers.
A validation oversight allowed Storm-0558 to forge Azure Active Directory (Azure AD) tokens with the MSA consumer key, facilitating unauthorized access to mailboxes. It’s believed that this security lapse led to the theft of at least 60,000 unclassified emails from Outlook accounts belonging to State Department officials across East Asia, the Pacific, and Europe. Beijing has denied any involvement.
The incident placed Microsoft under a microscope, particularly regarding its former policy, which reserved basic yet critical logging functionality for subscribers of its premium E5 and G5 plans. Bowing to the pressure, Microsoft has revised its stance, now offering advanced logging features at no additional cost.
According to Candice Ling, a spokesperson for Microsoft, “We recognize the critical importance of advanced logging in assisting federal agencies to detect, respond to, and protect against state-sponsored cyberattacks. Our commitment is to ensure that these entities have access to sophisticated audit logs, fostering a collaborative environment with the government to enhance cybersecurity protocols.” This statement underlines Microsoft’s resolve to bridge any gaps in cybersecurity practices and reinforces its dedication to safeguarding federal operations against burgeoning cyber threats.
With these enhancements in Microsoft’s cybersecurity support for federal agencies, the landscape of digital security within governmental spheres is set to improve significantly. This initiative is not only a testament to Microsoft’s commitment to national cybersecurity but also serves as a benchmark for other tech corporations in the fight against global cyber threats.