Sixty thousand emails from U.S. State Department accounts were noted by a staffer working for Sen. Eric Schmitt, R-Mo., to have been exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.
Most of the 10 State Department email accounts impacted by the Microsoft breach belonged to individuals working on East Asia and the Pacific, particularly on Indo-Pacific diplomacy initiatives, said the staffer, who refused to be named.
Threat actors were previously reported by Microsoft to have facilitated the compromise of nearly 25 organizations' emails after breaching its engineer's corporate account. Such an attack has already prompted the State Department to collaborate with various vendors in transitioning to hybrid environments, as well as strengthening multi-factor authentication implementation.
"We need to harden our defenses against these types of cyberattacks and intrusions. We need to take a hard look at the federal government's reliance on a single vendor as a potential weak point," said Schmitt.
Malware-free intrusions have become the leading cybersecurity threat against small- to medium-sized businesses, accounting for 56% of all cyber incidents during the third quarter, SiliconAngle reports.
Four high-severity Microsoft Exchange flaws reported by Trend Micro's Zero Day Initiative were noted by Microsoft to have been addressed or not need immediate servicing as required authentication would significantly reduce their odds of being exploited, SecurityWeek reports.
Email security: The current threat landscape, the latest tools/techniques
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news