Scammers are now operating openly, without any fear of legal repercussions. These audacious criminals are not even attempting to hide their illicit activities.
The most high-profile of these breaches involved a China-based hacking group named Storm-0558, which breached Microsoft’s Azure service and collected data for over a month in mid-2023 before being discovered and driven out. This breach exposed sensitive data from 25 of Microsoft’s Azure customers, including US federal agencies.
In response to these security failures, Microsoft announced the “Secure Future Initiative” in November 2023. As part of this initiative, Microsoft plans to secure 100 percent of all its user accounts with securely managed, phishing-resistant multifactor authentication, enforce least-privilege access across all applications and user accounts, improve network monitoring and isolation, and retain all system security logs for at least two years.
However, despite these measures, Microsoft was breached again in January by the Russian state-sponsored hacking group Midnight Blizzard. The group was able to compromise a legacy non-production test tenant account to gain access to Microsoft’s systems for as long as two months.
Read more at: arstechnica.com