Yet another significant government data breach...
Hardly a day goes by when we don’t learn of another significant data breach in government. And it seems there is no government department at any level that is completely immune from data infiltration from nefarious actors. Even the nation’s most critical government offices responsible for multi-billion-dollar budgets and thousands of employees stateside and around the world are vulnerable to potentially crippling and costly data breaches by zealous hackers who are more cunning than ever. The latest targets: The U.S. Departments of State and Commerce, as well as others located in Western Europe.
Hackers will leave no stone unturned in seeking ways to infiltrate government IT systems. In the latest round of cyberattacks, officials suspect that a group of hackers based in China breached Microsoft Outlook email accounts linked to the two U.S. agencies. In the case of the State Department, experts at Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) suspect that hackers accessed and exfiltrated unclassified Exchange Online Outlook data from a limited number of accounts. A similar breach also occurred at the Commerce Department; officials there were notified by Microsoft, at which time the Department took immediate action to mitigate any considerable damage or extensive downtime.
State Department officials were able to detect the infiltration “fairly rapidly,” according to a State Department spokesperson, and officials there were able to prevent any further breaches by the Chinese hackers, codenamed Storm-0558. After gaining access to email data from about 25 organizations in mid-May, Storm-0558 was able to remain undetected for a month, lurking behind the scenes.
Asked whether China had perpetrated the multiple infiltration efforts, a spokesman for the Chinese government turned the tables, accusing the U.S. of being the greatest international perpetrator of cyberattacks. In fact, the cyberattack campaign was launched in the run-up to Secretary of State Antony Blinken’s recent trip to Beijing for talks with Chinese officials.
U.S. experts believe the Chinese hackers used “forged authentication tokens to access user email using an acquired Microsoft account consumer signing key,” according to one Microsoft cybersecurity executive. Yet how the hackers obtained the signing key remains a mystery. Some speculate that Microsoft itself may have been breached. Logging can allow experts to sift through digital clues to determine if a specific department has been hacked, and who may be responsible. This raises the issue of whether Microsoft should sell logging as a premium add-on for government clients or provide it free as part of its product. The jury is still out, but government cybersecurity experts assert that offering it only as an extra-cost add-on could hinder a proper forensic examination of whether a hack has taken place, where it initiated, and from whom.
GovNet is dedicated to working with government IT officials at all levels to assess the security protocols currently in place, determine what vulnerabilities exist, and develop a comprehensive plan to prevent cyberattacks and establish recovery systems that mitigate damage and downtime in the event of a nefarious breach or natural disaster. Contact GovNet today for a free consultation.