Puts me in mind of this scathing report from CISA on how a state-sponsored group broke into Microsoft and then into the State Department and a bunch of other agencies. Reads like a heist movie.
https://www.cisa.gov/sites/default/files/2024-03/CSRB%20Revi...
What I found most incredible about the story is that it wasn't Microsoft who found the intrusion. It was some sysadmin at State who saw that some mail logs did not look right and investigated.
Don't worry CISA and any other involved regulator were gutted by DOGE.
Is that true or you’re just assuming it’s so?
It’s true, and briefly made the news at the time[1]. The CSRB was also decimiated, and the current DHS deputy secretary, in his confirmation hearing, called for wrecking the agency, as he disagrees with their efforts to maintain election security.
---
[1] https://techcrunch.com/2025/03/11/doge-axes-cisa-red-team-st...
I definitely remember DOGE gutting CISA. Other cuts were not always due to DOGE. A good chunk of the FBI's computer security and counter intelligence people got reassigned to immigration enforcement. The committee investigating the US cell network hacks got cut extensively but I don't remember who did it.
[flagged]
Azure security has been a joke since like ever. Its incredible how they managed to start from scratch, and still brought into their Cloud, the same issues they had in Windows since inception. Only Cloud to have not one, but two security events, that broke isolation barriers between tenants...
"Azure's Security Vulnerabilities Are Out of Control" - https://www.lastweekinaws.com/blog/azures_vulnerabilities_ar...
"Microsoft comes under blistering criticism for “grossly irresponsible” security" - https://arstechnica.com/security/2023/08/microsoft-cloud-sec...
Ah yes, back when the US actually had cyber defence and experts capable of working in their respective fields.
They're the ones that had the Microsoft tech procured and implemented.
There's a decent chance they're the ones who said "no!" and got overruled.
(See also: quite a few bits of COVID mitigation)
This, exactly. There are so many "cyber experts" working for the U.S. government, and the vast majority are just cogs in a machine constructed by executive leadership who will always prefer inertia over radical changes.
I don't think this is that much to do with executive leadership. Many of those cyber experts only have a job because of Microsoft based tooling and vulnerabilities, and so they will prefer things they know over things they don't know (e.g. implementing permissions across a Linux estate).