Security News

Microsoft Cloud Breach: 5 Key Findings From Wiz

Kyle Alspach

Researchers at cloud security vendor Wiz suggest the breach that impacted Microsoft cloud email users was ‘more impactful’ than previously understood.

Microsoft Cloud Breach

The recent compromise of Microsoft cloud email accounts is troubling for a number of reasons, including the fact that multiple U.S. government agencies were among the victims of the China-linked hack. But according to researchers at cloud security vendor Wiz, the impacts of the incident could go much further than previously admitted by Microsoft.

[Related: Microsoft Cloud Email Breach: 5 Things To Know]

Microsoft has said a stolen Azure Active Directory key was misused to forge authentication tokens and gain access to emails from an estimated 25 organizations. The Redmond, Wash.-based tech giant said it has since fixed an API flaw that helped to enable the hack (though the company said July 14 that it didn’t know how an attacker was able to steal an Azure AD key used in the compromise). 

Microsoft has attributed the breach to a hacking group working on behalf of the Chinese government, which the company tracks under the identifier “Storm-0558.” The breach — which is believed to have begun on May 15 — was discovered after a U.S. federal civilian agency “identified suspicious activity in their Microsoft 365 (M365) cloud environment,” and reported it to Microsoft, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a post.

Several reports have identified the agency as the State Department. Media reports indicate that the Commerce Department was also impacted in the attacks, and that an account belonging to Commerce Secretary Gina Raimondo was among those compromised in the breach.

According to CISA, the data stolen in the attack was not classified, and the number of impacted accounts was minimal. “Microsoft determined that APT actors accessed and exfiltrated unclassified Exchange Online Outlook data from a small number of accounts,” CISA said in its post.

Researchers at Wiz, however, suggest that Microsoft customers will want to take another look at the potential impacts from the breach, given their latest findings. “We believe this event will have long-lasting implications on our trust of the cloud and the core components that support it, above all, the identity layer which is the basic fabric of everything we do in cloud,” wrote Shir Tamari, head of research at Wiz, in a post about the Wiz research team’s findings. In recent years, Wiz has discovered numerous security issues impacting Microsoft cloud platforms including Azure.

In a statement provided to CRN Monday, responding to the Wiz findings, Microsoft said that it has “not observed those outcomes in the wild.”

What follows are five things to know about Wiz’s findings on the Microsoft cloud email breach.

Kyle Alspach

Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security.  He can be reached at

Sponsored Post


Advertisement exit