Cyber Safety Review Board releases report on Microsoft Exchange intrusion, offers best practices for cloud security providers

The DHS-led Cyber Safety Review Board has released a report following an investigation into the Microsoft Online Exchange intrusion last year, offering a highly critical review of the company’s “security culture” and recommendations for leadership to address security issues in product development.

“In May and June 2023, a threat actor compromised the Microsoft Exchange Online mailboxes of 22 organizations and over 500 individuals around the world. The actor -- known as Storm-0558 and assessed to be affiliated with the People’s...