Security News > 2023 > July > Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats

Microsoft on Wednesday announced that it's expanding cloud logging capabilities to help organizations investigate cybersecurity incidents and gain more visibility after facing criticism in the wake of a recent espionage attack campaign aimed at its email infrastructure.

"Over the coming months, we will include access to wider cloud security logs for our worldwide customers at no additional cost," Vasu Jakkal, corporate vice president of security, compliance, identity, and management at Microsoft, said.

"As these changes take effect, customers can use Microsoft Purview Audit to centrally visualize more types of cloud log data generated across their enterprise."

The U.S. State Department, which was one among the affected entities, said it was able to detect the malicious mailbox activity in June 2023 due to enhanced logging in Microsoft Purview Audit, specifically using the MailItemsAccessed mailbox-auditing action, prompting Microsoft to investigate the incident.

Attacks mounted by the actor are said to have commenced on May 15, 2023, although Microsoft that the adversary has displayed a propensity for OAuth applications, token theft, and token replay attacks against Microsoft accounts since at least August 2021.

Microsoft, in the meanwhile, is continuing to probe the intrusions, but to date the company hasn't explained how the hackers were able to acquire an inactive Microsoft account consumer signing key to forge authentication tokens and obtain illicit access to customer email accounts using Outlook Web Access in Exchange Online and Outlook.com.

News URL

https://thehackernews.com/2023/07/microsoft-expands-cloud-logging-to.html