Microsoft introduces new security standards after US State Department hack

Carding 4 Carders

Chinese hackers have taught Microsoft a lesson, forcing the company to prioritize cybersecurity.

After the Chinese hacker group Storm-0558 hacked dozens of corporate and government Exchange and Microsoft 365 accounts in July, Microsoft increased the storage period for audit logs in Microsoft Purview.

Among the affected organizations were government agencies in the United States and Western Europe, including the US State Department and the Department of Commerce. In September, the State Department said the attackers had stolen at least 60,000 emails from the Outlook accounts of politicians working in East Asia, the Pacific and Europe.

Microsoft revealed that attackers used the client's cryptographic key obtained after hacking the corporate account of a Microsoft engineer. Using the key, hackers managed to break into the Exchange Online and Azure Active Directory (AD) accounts, gaining access to government emails.

Changes to audit log retention were announced today. In the coming weeks, the changes will be available to Microsoft Purview Audit customers with standard licenses, starting with enterprise customers in October and government customers in November.

"Starting in October 2023, we started implementing changes to extend the default retention period to 180 days from 90 for audit logs created by Audit (Standard) clients. Owners of Audit (Premium) licenses will continue to use the default retention period of 1 year and the ability to last up to 10 years," said a Microsoft Purview representative.

Under pressure from the Cybersecurity and Infrastructure Security Agency (CISA), Microsoft has expanded access to cloud log data at no extra cost, which will help cybersecurity professionals detect similar hacking attempts in the future. Previously, such logging capabilities were only available to customers with paid Purview Audit (Premium) licenses. Because of this, Microsoft has been criticized for limiting organizations' ability to detect Storm-0558 attacks.

From December 2023, customers with Purview Audit (Standard) licenses will also have access to additional email access logs and 30 other Yammer/Viva Engage, Teams, Exchange, and SharePoint events previously available only to customers with Premium licenses.

Audit (Premium) license holders will still have a longer standard retention period, wider access to data export, high-speed API access, and logs improved with Microsoft's AI-powered smart hints.
 