Amazon pauses Microsoft 365 rollout due to security concerns after hack

In 2023, Microsoft had to admit to hacks of its Exchange Online and Azure services. Bloomberg is now reporting that Amazon has paused its plans to roll out Microsoft 365 in the company. This is due to security concerns following the hack by the alleged Russian group Midnight Blizzard.



Amazon has security concerns

I already came across this topic via this post on BlueSky, which Bloomberg took up in an article (behind registration). Amazon wants to invest around one billion US dollars over five years to use Microsoft 365 in the cloud across the entire group with around 1.5 million workstations. However, this has been put on hold for the time being.


The short version: As a major customer, Amazon uses Microsoft 365 with the Office applications Word, Excel etc., but has hosted these on its own servers up to now. Now the rollout of Microsoft 365 was supposed to take place, but the project has been halted for at least a year. According to Bloomberg, Amazon's security concerns are the reason why the rollout has been paused.

Amazon has provided Microsoft with a list of changes that must be made before Office 365 applications are deemed safe for the company to use. This also includes features in the productivity software that make it easier to track user activity for security purposes.

Background: Midnight Blizzard hack

In January 2024, it became known that hackers from the state group Midnight Blizzard were able to penetrate Microsoft's email system and read targeted messages from executives or security experts. The hackers had been in the system since November 2023, as I noted in the blog post Microsoft hacked by Russian Midnight Blizzard; emails exfiltrated since Nov. 2023.



In the blog post How Midnight Blizzard hackers were able to penetrate Microsoft's email system, I traced the hackers' attack path. It points to a chain of omissions on Microsoft's part. But Redmond played it down and said "danger recognized, danger averted, the hackers from Midnight Blizzard have been successfully locked out". Microsoft later had to admit that the attacks by Midnight Blizzard were continuing – but it remained unclear whether the attackers were still able to access Microsoft's systems.


Microsoft later had to admit that customers were also affected by this hack (see Microsoft: News from the Midnight Blizzard hack – customers may also be affected). The attackers were able to read emails from Microsoft employees to customers. There is a risk that the emails could contain information for the attackers that could put customers at risk. This information has led US authorities and major customers to look for alternatives. I think the above situation falls exactly into this category. I find it very surprising – I hear from some IT managers that there is no alternative to Microsoft 365 and that there is little questioning of it.

Similar articles:
China hacker (Storm-0558) accessed Outlook accounts in Microsoft's cloud
Follow-up to the Storm-0558 cloud hack: Microsoft is still in the dark
After CISA report on Storm-0558 hack, Microsoft provides customers with enhanced cloud logging
Stolen AAD key allowed (Storm-0558) wide-ranging access to Microsoft cloud services
Microsoft's Storm-0558 cloud hack: US senator among the victims
Microsoft's Storm-0558 cloud hack: MSA key comes from Windows crash dump of a PC
Microsoft extends Purview logging (after Storm-0558 hack)
Microsoft hacked by Russian Midnight Blizzard; emails exfiltrated since Nov. 2023
How Midnight Blizzard hackers were able to penetrate Microsoft's email system
Microsoft confirms: Russian spies (Midnight Blizzard) stole source code while accessing systems
Microsoft: News from the Midnight Blizzard hack – customers may also be affected
Hewlett Packard Enterprise (HPE) hacked by Midnight Blizzard since May 2023

Microsoft as a Security Risk? U.S. senator calls for Microsoft to be held accountable over Azure cloud hack – Part 1
Microsoft as a Security Risk? Azure vulnerability unpatched since March 2023, heavy criticism from Tenable – Part 2
Whistleblower: Microsoft ignored warnings about AD bug; was exploited in 2020 SolarWinds hack
Microsoft engages in damage limitation at congressional hearing (13.6.2024): Safety takes priority over AI
Midnight Blizzard hack: Microsoft sends notification to customers by email that ends up in SPAM folders

