Deep freeze from Midnight Blizzard

Driving the day

— Microsoft’s email breach goes deeper than first thought.

HAPPY MONDAY and welcome to MORNING CYBERSECURITY! I’m just coming back from a weeklong vacation at my parents’ house in my hometown, and I’m here to remind you that there’s nothing better than home-cooked meals.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at [email protected]. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

Today's Agenda

Director of international narcotics and law enforcement at the U.S. Embassy in Hanoi Ryan McKean is joining experts at the United States Institute of Peace for a virtual discussion on cyber scams and human trafficking in Cambodia and Vietnam. 9 p.m.

On the Hill

NOT AGAIN — The Kremlin-backed hackers who breached Microsoft’s systems earlier this year didn’t just peek at staff inboxes — they also nabbed customer emails. This revelation, coming six months after the initial disclosure, significantly broadens the impact of the Midnight Blizzard attack.

The timing couldn’t be worse for Microsoft. Already under the congressional microscope for a separate Chinese hack that snagged U.S. government emails, the company again faces tough questions about its cybersecurity chops and transparency.

“We are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor, and we are providing the customers the email correspondence that was accessed by this actor,” company spokesperson Kate Frischmann said in a statement over the weekend.

— Cyber woes far from over: House Homeland Security Committee ranking member Bennie Thompson (D-Miss.) tells MC he’s keeping tabs on Microsoft’s promised security reforms. When asked whether this could trigger another Microsoft hearing down the line, Thompson said he will “closely monitor” both the federal response and the company’s efforts to deal with the “entirely avoidable” breach.

“These new notifications serve as a reminder that the government has a national security obligation to evaluate the degree to which reliance in a single vendor creates risk and how that risk can be mitigated and I am committed to making sure that happens,” Thompson said.

— Action on the horizon: Senate Armed Services Committee member Sen. Eric Schmitt (R-Mo.) in June introduced two amendments taking aim at Microsoft in the 2025 National Defense Authorization Act.

Those amendments would:

  1. Allow Pentagon entities to seek alternative cybersecurity services.
  2. Require defense contractors operating in China to disclose if forced to share vulnerabilities with Beijing.

— The intrigue: Microsoft’s dominance in federal IT has long been a given. But with these security slip-ups piling up, that could change. The Senate amendments, while not naming names, are a thinly veiled swipe at Microsoft’s cozy relationship with the Pentagon and its presence in China.

Still, Microsoft’s cyber troubles are looking like they’re more than just a PR headache. National security concerns for the company could kick-start another round of grueling congressional hearings.

CYBER CASH — In a razor-thin 212-203 vote, House Republicans pushed through a contentious Homeland Security appropriations bill that includes a $2.9 billion cybersecurity funding package late last week.

The near party-line vote hands a solid budget boost to CISA for 2025, but not without some controversy.

— Under the hood: The bill earmarks $2.4 billion for CISA operations and another $494 million for procurement, which promises to amp up America’s cyber defenses. A key provision also allows CISA to share threat feeds with state and local entities.

— What’s next: The bill in general lurches to the Republican right, and the Democrat-led Senate hasn’t even introduced their version of the appropriations bills yet. Nothing is on the schedule yet, and the Senate is off for holiday this week, but we expect a rocky road ahead.

Election Security

TOOK THE NIGHT OFF — While all the pundits and bloggers were buzzing about the Biden-Trump presidential debate, attackers were certainly not.

Data from website security firm Cloudflare shows the debate didn’t trigger a surge in cyberattacks. That’s a somewhat surprising development, considering how attackers are usually galvanized by big events to flex their disinformation or hacking prowess.

But don’t expect them to be going anywhere: the relative calm follows months of sustained assaults to overwhelm and crash networks on government and political websites, according to Cloudflare.

— Internet traffic nosedive: Cloudflare’s analysis shows that internet usage plummeted across the nation during the debate. Vermont was the highest at a 17 percent drop, followed closely by South Dakota, Wyoming and Alaska at 16 percent each. Battleground states also weren’t immune, experiencing traffic dips between 5 and 8 percent.

— Opposite is true for social media: Social media platforms saw a notable uptick, as video-sharing giants TikTok and YouTube experienced a 4 percent boost in DNS traffic — which is quite rare for those already popular sites. As for X and Threads, traffic growth peaked at 41 percent as the debate kicked off.

— Still some red flags: Email campaigns featuring “Trump” were significantly more likely to contain spam or malicious content than those mentioning “Biden.”

That’s a real concern to pay attention to when it comes to incoming disinformation campaigns and other cyber threats as election season gets hotter.

The International Scene

ELECTION WEEK IN THE U.K. — While a segment of the United Kingdom narrowly avoided a hot L in the Euros, trouble is still on the horizon as the country gears up for elections later this week.

— The details: Cybersecurity firm ZeroFox assesses foreign entities pose a “significant risk” to the U.K., and are poised to launch disinformation campaigns, hack voter databases, and disrupt voting processes. The situation is further exacerbated by increased campaign spending limits and the advent of AI in political advertising.

ZeroFox researchers say the tactics take the shape of stealthy, yet mass-scale disinformation campaigns, deepfakes and “half-truths” that appear designed to influence voter behavior.

— Look a bit closer: Andrew Borene, executive director of threat intelligence firm Flashpoint, warns of a broader pattern.

“This kind of election interference is exactly the kind of concerted malign influence that we’ve been observing in all open societies by actors like Russia’s Federal Security Service and Chinese Ministry of State Security since at least 2016,” Borene said.

— Key date: Election day in the U.K. is this Thursday, July 4.

Tweet of the Day

Our secrets are being exposed.

Quick Bytes

YEAR OF THE ATTACKS — Data breaches in 2024 have been massive, exposing more than a billion personal and medical records, writes Zack Whittaker for TechCrunch.

FAKE IT TILL YOU MAKE IT — Fake IT support sites are using malicious PowerShell scripts disguised as fixes for common Windows errors to steal user information, reports BleepingComputer’s Lawrence Abrams.

“Some western Canada Co-ops still closed following cybersecurity incident” (CBC)

Chat soon.

Stay in touch with the whole team: Joseph Gedeon ([email protected]); John Sakellariadis ([email protected]); Maggie Miller ([email protected]); and Heidi Vogt ([email protected]).