News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | Microsoft Grapples with Aftermath of Recent Cloud Service Breach

I don’t cover breaches because the story moves quickly, yet it is pretty much the same each time without new lessons.   That said, certain ones become notable.  Let’s catch up on the Microsoft breach.

Microsoft’s cloud service has been breached twice in two years, with the most recent attack by hackers based in China.  The initial review found email compromise of the US government across 25 agencies, including the email accounts of the US Commerce Secretary, the US Ambassador to China, and the Assistant Secretary of State for East Asia.  Microsoft has revoked the compromised key.   Microsoft downplayed the likelihood of the hackers going beyond email accounts, and the Cybersecurity and Infrastructure Security Agency has not seen any evidence of this. No classified information is believed to have been taken, and Microsoft has attributed the attack to a Chinese group. 

Further investigation of the Storm-0558 potentially places a broader swathe of Microsoft cloud services at risk than previously thought, including personal Microsoft accounts for services like Skype and Xbox.  It turns out that the swiped MSA key could have allowed the threat actor to also forge access tokens for “multiple types of Azure Active Directory applications, including every application that supports personal account authentication, such as SharePoint, Teams, OneDrive, customers’ applications that support the ‘login with Microsoft’ functionality, and multitenant applications in certain conditions,” according to research from Wiz released July 21.

The full scope of actual compromise stemming from the situation will take weeks, if not months, to determine, and some Azure AD customers could potentially still be targets, given that Storm-0558 could have leveraged its access to establish persistence by issuing itself application-specific access keys or setting up backdoors.

The House Oversight and Accountability Committee is investigating the alleged Chinese hack. The Senate is also seeking additional information about the breach.   There has been specific criticism of Microsoft for its handling of the situation, and Senators have urged the Cyber Safety Review Board to investigate the incident and scrutinize Microsoft’s security practices.

Three key questions remain unanswered: where did the attackers obtain a Microsoft account consumer signing key, use the same key in multiple customer environments, and use the key or other flaws to move between Office 365 Government and Office 365 Commercial?

Why do we care?

Attacks on the government have the advantage of a higher level of disclosure.  Attacks on the federal government have the benefit of politicians looking for answers with high-profile platforms.   Thus, we learn a lot.     And why we care now.  It’s moved beyond just a breach story to become a learning one.  

One clear result is that Microsoft was pressured into releasing additional logging tools for all customers.   Because a customer found evidence of this breach, this is good news.   

The calls should be for more transparency.   This is critical infrastructure; insight and illumination will be the key strategy for ongoing success.    Let’s see what we learn, and what comes of it.    

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories