Chinese state hackers Storm-0558 had virtually unlimited access to Federal Government Microsoft 365 accounts for three years. How could it happen? Why was it undetected for three years? Did the attackers leave behind traps that could cause further breaches? 

Senator Ron Wyden (D-OR) has demanded investigations into Microsoft by the Department of Justice, the Federal Trade Commission, and the Cybersecurity and Infrastructure Security Agency (CISA) in response to the breach. 

The hackers raided US government email accounts by acquiring a private encryption key and using it to forge access. The key permitted access to Outlook, SharePoint, OneDrive, and Teams and raised the possibility that these hackers had access to sensitive data for years. 

Hackers have been attacking Microsoft 365 with phishing and malware for years. Most organizations use Email Security solutions to scan and mostly block those attacks. But Storm-0558 attack did not start with a malicious email.  Have Email Security solutions evolved to the point where they can identify and block compromised accounts? How can government agencies protect users and sensitive, confidential, or classified data? 

Lotem Finkelsteen is a long-time cybersecurity expert and the Director of Threat Intelligence at Check Point. He and his team spent many hours dissecting this attack. Join Lotem and Jonathan Gold Shalev, Head of Product Management for Email Security at Check Point, as they explain how the hackers got in, how they used their access, what it possibly means to the government and all Microsoft 365 users, and how we should think about protecting our Microsoft 365 from these sophisticated attacks.