---
title: "Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient | DMARC Report"
description: "Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient from DMARC Report explains practical steps for email authentication, domain."
image: "https://dmarcreport.com/og/blog/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient.png"
canonical: "https://dmarcreport.com/blog/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient/"
---
Quick Answer
\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Ftrump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Trump%20fires%20investigators%2C%20Microsoft%20365%20Threats%2C%20US%20Cybersecurity%20Insufficient&url=undefined%2Fblog%2Ftrump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Ftrump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Ftrump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient%2F&title=Trump%20fires%20investigators%2C%20Microsoft%20365%20Threats%2C%20US%20Cybersecurity%20Insufficient "Share on Reddit") [ ](mailto:?subject=Trump%20fires%20investigators%2C%20Microsoft%20365%20Threats%2C%20US%20Cybersecurity%20Insufficient&body=Check out this article: undefined%2Fblog%2Ftrump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient%2F "Share via Email")
> The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.
\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report
Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-20105” readonly/>
```
```
Every day we wake up to the news of a fresh new threat attack in one or the other corner of the world. With governments around the world putting in so much effort to keep their people cyber-safe, this is our \*\*humble attempt at keeping you aware of what’s happening around the [cyber ecosystem](https://www.ox.ac.uk/news/2024-11-12-new-ukri-funded-network-bolster-uk-s-cyber-security-research-ecosystem). By keeping yourself updated, you reduce the chance of being a cyber victim significantly.
It’s your vigilance and cyber knowledge that will enable you to stay out of the clutches of [cybercriminals](https://www.voanews.com/a/alleged-leader-of-cybercriminals-extradited-to-us/7741605.html).
_This is the 4th bulletin of the month, where we will talk about the sudden dismissal of the Salt Typhoon investigation team_. Then, we will focus on **Microsoft 365 attacks**. Lastly, we will shed light on the TikTok ban and its impact on US cybersecurity .
Are you all geared up to walk around the lanes of [cybersecurity](https://dmarcreport.com/blog/how-to-educate-or-train-employees-on-cybersecurity/)?
Let’s get started!
## Salt Typhoon hacking case investigators get fired by Donald Trump!
The very first day of Trump’s administration didn’t turn out to be smooth for the advisory committee members of the **Department of Homeland Security**. This includes the members of [CISA](https://securityintelligence.com/news/cisa-hackers-key-systems-offline/) (Cybersecurity and Infrastructure Security Agency) and [CSRB](https://www.cybersecuritydive.com/news/dhs-disbands-advisory-board-csrb/737976/) (Cyber Safety Review Board). Basically, the CSRB was involved in the investigation of the Salt Typhoon hacking case. [Salt Typhoon](https://www.darkreading.com/cyberattacks-data-breaches/chinas-salt-typhoon-cyberattacks-us-isps) is a China-based state-sponsored group of hackers who allegedly carried out data breaches across nine telecommunications networks in the last couple of months.
_The reason behind the sudden dismissal is said to be a well-thought-out plan for preventing ‘misuse of resources_.’
The CSRB members who have been fired include reputed cybersecurity personnel such as \*\*Chris Krebs as well as former [Biden administration](https://www.nbcnews.com/politics/joe-biden/biden-administration-keep-tiktok-available-us-rcna187902) officials.
There’s no clarity about the new participants.
## Email bombing and Vishing most common in Microsoft 365 attacks!
Two different [ransomware attack](https://www.msn.com/en-us/money/other/microsoft-teams-abused-in-russian-email-bombing-ransomware-campaign/ar-AA1xBlz5?apiversion=v2&noservercache=1&domshim=1&renderwebcomponents=1&wcseo=1&batchservertelemetry=1&noservertelemetry=1) groups are using email bombing and vishing tactics through Microsoft Office 365\. Certain cyber incidents that took place back in **November and December 2024**, respectively, led to a thorough investigation conducted by Microsoft. _The two groups have been tracked by cybersecurity experts as STAC5777 and STAC5143\. STAC5777 is also known as Storm-1811_. It is believed that STA5143 is applying the tactics which it has learnt from [Storm-1811](https://cybersecuritynews.com/rmm-tools-to-deliver-black-basta-ransomware/).
[Sophos MDR](https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/) ([Managed Detection and Response](https://www.trendmicro.com/vinfo/in/security/definition/managed-detection-and-response)) has stated that within the past two weeks, there have been more than 15 cyber incidents that include vishing and email bombing. Basically, the threat actors try to gain access to \*\*Microsoft’s remote control tools such as Teams screen sharing and Quick Assist. Then, the attackers try to gain control over the victim’s device.
Eventually, they [install malware](https://www.bleepingcomputer.com/news/security/new-xamalicious-android-malware-installed-330k-times-on-google-play/) on those devices. Next, they make Teams calls or send Teams messages from any of the cybercriminal-controlled Officen365 devices. Throughout the call, they pretend to be from the tech support team. These [threat actors](https://www.techradar.com/pro/security/microsoft-warns-us-healthcare-of-threat-actor-using-new-ransomware) also send out multiple [spam emails](https://cybernews.com/news/microsofts-breach-notification-emails-end-up-in-spam-folder/) so that the \*\*Outlook mailboxes get overwhelmed.
\*\*STAC5777 and STAC5143 deployed [Black Basta](https://www.msspalert.com/news/anatomy-of-a-black-basta-ransomware-attack-on-bankcard-usa) and Python ransomware to attack all the users.
_Sophos has urged organizations to take vigilant moves in order to prevent similar ransomware attacks in the future_.
To further secure your organization’s communication channels, it is essential to implement [SPF](https://dmarcreport.com/what-is-spf/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [DMARC](https://dmarcreport.com/) protocols, which work together to authenticate email sources, reduce phishing risks, and ensure that only \*\*legitimate communications are delivered to your inbox.
## TikTok ban isn’t enough for US cybersecurity!
Experts like \*\*Miracco from Approov, the mobile app protection company, believe that the TikTok ban is not adequate in terms of US cybersecurity. The ban is purely centered on TikTok, which experts urge is an incomplete move. They want authorities to consider both foreign as well as \*\*domestic social media platforms and monitor their activities closely. Every social media app, irrespective of its developer country, should be held accountable for its [data management](https://www.ibm.com/think/topics/data-management) and privacy systems.
They also think that \*\*US legislation and law-making bodies are not yet as advanced as the latest technology. Hence the legalities are not adequate to cater to deal with such bans and social media requirements. The extra slow speed of legal actions makes it too hard for lawmakers to keep up with the ever-dynamic social media trends and technological advancements. _As a result, users tend to stay vulnerable to potential threats around social media platforms_.
Another cause of concern is that because of the [sudden ban on TikTok](https://www.bbc.com/news/articles/cz6p1g54q85o), users may switch to its alternatives without conducting a thorough background check. These considerably new TikTok alternatives are highly likely to be less secure in nature.
The \*\*Chief Marketing Officer of [AppSoc](https://www.appsoc.com/), [Willy Leichter](https://www.linkedin.com/in/willyleichter), suggests that users, as well as authorities, must be prepared to face the consequences because of the out-of-the-blue ban on TikTok and its miraculous restoration within 12 hours. While users should wait patiently to find out the reality around TikTok’s ban, they should also be careful enough before jumping onto another alternative. _Also, authorities should pay close attention to TikTok alternatives and check whether or not they are absolutely safe options for users_.
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ News ](/tags/news/)[ SPF ](/tags/spf/)
[ Vishal Lamba ](/authors/vishal-lamba/)
Content Specialist
Content Specialist at DMARC Report. Writes vendor-specific email authentication guides and troubleshooting walkthroughs.
[LinkedIn Profile →](https://www.linkedin.com/in/vishal-lamba/)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 4m Adidas Data Breach, Whatsapp Image Threat, Silent Ransom Vishing May 29, 2025 ](/blog/adidas-data-breach-whatsapp-image-threat-silent-ransom-vishing/)[ Foundational 4m Africa Fights Cybercrime, Attention Farmers Customers, Apple Prevents Threats Aug 28, 2025 ](/blog/africa-fights-cybercrime-attention-farmers-customers-apple-prevents-threats/)[ Foundational 4m AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack Sep 9, 2025 ](/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack/)[ Foundational 4m Akira flaunts victims, Idaho targets orthodontist, AI granny protects Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient","description":"Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient from DMARC Report explains practical steps for email authentication, domain.","url":"https://dmarcreport.com/blog/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient/","datePublished":"2025-01-24T08:54:47.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-01-24T08:54:47.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vishal-lamba/#person","name":"Vishal Lamba","url":"https://dmarcreport.com/authors/vishal-lamba/","jobTitle":"Content Specialist","description":"Vishal Lamba writes DMARC Report's how-to guides and vendor-specific configuration walkthroughs. His work focuses on step-by-step implementation guides for major email platforms (Google Workspace, Microsoft 365, SendGrid, Mimecast, Proofpoint, Brevo, and others), troubleshooting common SPF and DMARC errors, and translating RFC-level specifications into practical deployment procedures for IT administrators.","image":"https://media.mailhop.org/dmarcreport/images/team/vishal-lamba.jpg","knowsAbout":["SPF Vendor Configuration","Email Platform Integrations","SPF Troubleshooting","Technical Documentation","Step-by-Step Guides"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vishal-lamba/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient/"},"articleSection":"foundational","keywords":"dkim, DMARC, News, SPF","wordCount":1111,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient","item":"https://dmarcreport.com/blog/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient/"}]}
```