Some days ago I set up a list of questions regarding the Bundeswehr Leak of last week. During my discussion I touched the question that the BWI had praised its rollout of MS-based email-systems and Sharepoint platforms in large scale within the BW after Oct., 2021. Ironically I asked the question how the CCC would comment on this implementation of “notoriously insecure systems”.
Well, we do not need to ask the CCC any more. Yesterday, MS itself and the press informed the public once again that central key systems of Microsoft in the US are under attack. Probably a Russian hacker group is responsible. Actually, the present hacker activities continue and escalate an attack that already started in November 2023. It seems to be a fact that information gathered from core and central email systems is now abused systematically. Apparently, these emails have been stolen from executives and security staff. See also the article in the Washington Post about this topic.
You find more information at the following resources:
https://edition.cnn.com/ 2024/03/08/ tech/ microsoft-russia-hack/ index.html
https://www.washingtonpost.com/ technology/ 2024/03/08/ microsoft-hack-email-russia/
I hope that responsible managers at the BMVg or BWI read some of these information channels, too. And take notice of the comments of security officers of Sentinel One and CrowdStrike cited in the articles. And afterward reevaluate whether the broad rollout of MS-systems in the Bundeswehr really is a success story.