>>Vendors are upset with Microso...
The attacks stood out because it was the US government, not Microsoft, that discovered them first.
InfoSec experts claim that Microsoft has fallen short of its security obligations after several years of transparency problems, patch bypasses, and tense interactions with the security community. As a result of a breach that Microsoft announced last month, a Chinese nation-state threat actor known as Storm-0558 acquired access to 25 different companies, including U.S. government institutions. Using Outlook Web Access in Exchange Online and Outlook.com, the threat actor broke into accounts by taking advantage of a "token validation issue," according to Microsoft. The attacks stood out because it was the US government, not Microsoft, that discovered them first. According to CISA, the federal civilian executive branch (FCEB) found suspicious activity for the first time in June in its Microsoft 365 environment.
According to CISA's recommendation, the FCEB had activated improved logging for its Microsoft 365 services, which are only available to the most expensive 365 license agreement levels E5 and G5. The alert stated that "CISA and FBI are not aware of any other audit logs or events that would have detected this activity." Late last month, Oregon Senator Ron Wyden published an open letter to Attorney General Merrick Garland, FTC Chair Lina Khan, and CISA Director Jen Easterly in response to Microsoft's handling of the breach. In it, Wyden urged the three officials to "take action to hold Microsoft accountable for its negligent cybersecurity practices, which enabled a successful Chinese espionage campaign against the United States government."