“Microsoft’s ubiquitous and critical products, which underpin essential services that support national security, the foundations of our economy, and public health and safety, require the company to demonstrate the highest standards of security, accountability, and transparency. “
A critical statement made by the Cybersecurity and Infrastructure Security Agency’s Cyber Safety Review board, regarding their review of the known nation state actor: Storm-0558, that had breached Microsoft customer email accounts allegedly for up to six weeks during 2023. The initial access vector is still yet to be verified by Microsoft – nine months after the discovery of the intrusion.
Those of the 22 enterprise organisations and 503 personal accounts on the victim list included the U.S. Department of State, U.S. Department of Commerce, and U.S. House of Representatives. I encourage all those security minded to read at least the introduction to understand the inherent risk posed by our reliance on cloud providers, and the greater need for improvement in transparency, security standards and risk management.
NPD4n6: Nicks DFIR blog 
Leave a comment