A U.S. review board tasked with investigating major cybersecurity incidents said it will begin looking at the recent intrusion of U.S. government email systems provided by Microsoft, whose handling of the incident drew ire and scrutiny from federal lawmakers and the wider security community.
The Cyber Security Review Board, or CSRB, said Friday that its latest investigation will include a “broader review of issues relating to cloud-based identity and authentication infrastructure.”
The board said it began considering an investigation after learning of the Microsoft cloud breach, which saw China state-backed hackers break into government email accounts, including the inbox of U.S. Commerce Secretary Gina Raimondo, several officials at the U.S. State Department, and other organizations not yet publicly named.
According to the slow-drip of information about the incident, Microsoft said China-backed hackers stole a sensitive signing key that allowed unauthorized access to enterprise and government email inboxes hosted by the technology giant. That stolen key, coupled with a flaw that Microsoft has since patched, allowed the forging of authentication tokens that the hackers used to access the target’s email a …
