CyberSecurity Knuggets

Mar 15, 2024

I just received news about a recent Microsoft breach that seems to be ongoing. The Russian Foreign Intelligence Service (SVR)-linked group that breached Microsoft in November is still accessing the vendor’s systems. This breach was originally disclosed in late January, and it’s concerning that the group is still gaining access to Microsoft’s systems, including source code repositories and internal systems.

There’s also mention of a Chinese government directive called ‘Document 79’ or ‘Delete A’, which requires state-owned companies in China to replace foreign software in their IT systems by 2027. This raises concerns about asymmetry and security regarding Chinese companies operating in America versus US companies operating in China.

Additionally, there’s information about the AlphV aka BlackCat group, which was disrupted by the FBI in mid-December and then struck back with an attack on Change Healthcare in February. This highlights the effectiveness of law enforcement disruption operations and the potential consequences of such attacks. The report also covers the exploitation of a recently patched Microsoft flaw in zero-day attacks by the DarkGate malware, which is alarming.

Overall, these issues require immediate attention, especially the ongoing breach of Microsoft systems and the potential consequences of the Chinese government directive to replace foreign software in Chinese IT systems. The effectiveness of law enforcement disruption operations and the exploitation of recently patched security flaws also raise concerns about the current state of cybersecurity.

Stay Well!

summy