To help US government agencies defend against foreign statesponsored adversaries, Microsoft is expanding its free logging features in some products.
A Cybersecurity and Infrastructure Security Agency (CISA) announcement revealed reported all US federal agencies using Microsoft Pureview Audit will be granted the upgrade, regardless of their license tier.
The move comes in response to a cyberattack against U.S. government agencies that was discovered last summer.
Logs to the rescue
In July 2023, the US State Department tipped Microsoft off on a cyberespionage campaign that leveraged forged authentication tokens for Outlook Web Access in Exchange Online, and Outlook.com.
Microsoft later attributed the attack to Storm0558, allegedly a Chinese statesponsored threat actor usually engaged in cyberespionage against Western organizations and governments. Storm0558 gained access to more than two dozen email accounts and obtained an unknown amount of sensitive information.
The US State Department was able to discover the attack by analyzing unclassified Microsoft 365 audit logs, available in Microsoft Pureview Audit for Premium subscribers.
“Storm0558 operates with a high degree of technical tradecraft and operational security,” Microsoft explained. “The actors are keenly aware of the target’s environment, logging policies, authentication requirements, policies, and procedures.”
Storm0558 apparently used two malware, Bling and Cigril, with the latter being described as a trojan capable of decrypting encrypted files and running them directly from system memory on the target endpoint.
Via TheHackerNews