Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient

The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-20105">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/01/Trump-fires-investigators-Microsoft-365-Threats-US-Cybersecurity-Insufficient.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M20S">2:20</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-20105" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-20105" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-20105" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-20105" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient/&t=Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient"
						 target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient/&url=Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient"
						 target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/01/Trump-fires-investigators-Microsoft-365-Threats-US-Cybersecurity-Insufficient.mp3"
						 target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient/" class="input-link input-link-20105" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-20105" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

						<input type="text" value='<blockquote class="wp-embedded-content" data-secret="1OeJKJEpDN"><a href="https://dmarcreport.com/blog/podcast/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient/">Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://dmarcreport.com/blog/podcast/trump-fires-investigators-microsoft-365-threats-us-cybersecurity-insufficient/embed/#?secret=1OeJKJEpDN" width="500" height="350" title=""Trump fires investigators, Microsoft 365 Threats, US Cybersecurity Insufficient" - DMARC Report" data-secret="1OeJKJEpDN" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script>

/*! This file is auto-generated / !function(d,l){“use strict”;l.querySelector&&d.addEventListener&&“undefined”!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll(‘iframe[data-secret=”‘+t.secret+’”]’),o=l.querySelectorAll(‘blockquote[data-secret=”‘+t.secret+’”]’),c=new RegExp(“^https?:$”,“i”),i=0;i<o.length;i++)o[i].style.display=“none”;for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute(“style”),“height”===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):“link”===t.message&&(r=new URL(s.getAttribute(“src”)),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener(“message”,d.wp.receiveEmbedMessage,!1),l.addEventListener(“DOMContentLoaded”,function(){for(var e,t,s=l.querySelectorAll(“iframe.wp-embedded-content”),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute(“data-secret”))||(t=Math.random().toString(36).substring(2,12),e.src+=”#?secret=“+t,e.setAttribute(“data-secret”,t)),e.contentWindow.postMessage({message:“ready”,secret:t},"")},!1)))}(window,document); //# sourceURL=https://dmarcreport.com/wp-includes/js/wp-embed.min.js ’ title=“Embed Code” class=“input-embed input-embed-20105” readonly/>

					<button class="copy-embed copy-embed-20105" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

Every day we wake up to the news of a fresh new threat attack in one or the other corner of the world. With governments around the world putting in so much effort to keep their people cyber-safe, this is our **humble attempt at keeping you aware of what’s happening around the cyber ecosystem. By keeping yourself updated, you reduce the chance of being a cyber victim significantly.

It’s your vigilance and cyber knowledge that will enable you to stay out of the clutches of cybercriminals.

This is the 4th bulletin of the month, where we will talk about the sudden dismissal of the Salt Typhoon investigation team. Then, we will focus on Microsoft 365 attacks. Lastly, we will shed light on the TikTok ban and its impact on US cybersecurity .

Are you all geared up to walk around the lanes of cybersecurity?

Let’s get started!

Salt Typhoon hacking case investigators get fired by Donald Trump!

The very first day of Trump’s administration didn’t turn out to be smooth for the advisory committee members of the Department of Homeland Security. This includes the members of CISA (Cybersecurity and Infrastructure Security Agency) and CSRB (Cyber Safety Review Board). Basically, the CSRB was involved in the investigation of the Salt Typhoon hacking case. Salt Typhoon is a China-based state-sponsored group of hackers who allegedly carried out data breaches across nine telecommunications networks in the last couple of months.

The reason behind the sudden dismissal is said to be a well-thought-out plan for preventing ‘misuse of resources.’

The CSRB members who have been fired include reputed cybersecurity personnel such as **Chris Krebs as well as former Biden administration officials.

There’s no clarity about the new participants.

Email bombing and Vishing most common in Microsoft 365 attacks!

Two different ransomware attack groups are using email bombing and vishing tactics through Microsoft Office 365. Certain cyber incidents that took place back in November and December 2024, respectively, led to a thorough investigation conducted by Microsoft. The two groups have been tracked by cybersecurity experts as STAC5777 and STAC5143. STAC5777 is also known as Storm-1811. It is believed that STA5143 is applying the tactics which it has learnt from Storm-1811.

Sophos MDR (Managed Detection and Response) has stated that within the past two weeks, there have been more than 15 cyber incidents that include vishing and email bombing. Basically, the threat actors try to gain access to **Microsoft’s remote control tools such as Teams screen sharing and Quick Assist. Then, the attackers try to gain control over the victim’s device.

Eventually, they install malware on those devices. Next, they make Teams calls or send Teams messages from any of the cybercriminal-controlled Officen365 devices. Throughout the call, they pretend to be from the tech support team. These threat actors also send out multiple spam emails so that the **Outlook mailboxes get overwhelmed.

**STAC5777 and STAC5143 deployed Black Basta and Python ransomware to attack all the users.

Sophos has urged organizations to take vigilant moves in order to prevent similar ransomware attacks in the future.

To further secure your organization’s communication channels, it is essential to implement SPF, DKIM, and DMARC protocols, which work together to authenticate email sources, reduce phishing risks, and ensure that only **legitimate communications are delivered to your inbox.

TikTok ban isn’t enough for US cybersecurity!

Experts like **Miracco from Approov, the mobile app protection company, believe that the TikTok ban is not adequate in terms of US cybersecurity. The ban is purely centered on TikTok, which experts urge is an incomplete move. They want authorities to consider both foreign as well as **domestic social media platforms and monitor their activities closely. Every social media app, irrespective of its developer country, should be held accountable for its data management and privacy systems.

They also think that **US legislation and law-making bodies are not yet as advanced as the latest technology. Hence the legalities are not adequate to cater to deal with such bans and social media requirements. The extra slow speed of legal actions makes it too hard for lawmakers to keep up with the ever-dynamic social media trends and technological advancements. As a result, users tend to stay vulnerable to potential threats around social media platforms.

Another cause of concern is that because of the sudden ban on TikTok, users may switch to its alternatives without conducting a thorough background check. These considerably new TikTok alternatives are highly likely to be less secure in nature.

The **Chief Marketing Officer of AppSoc, Willy Leichter, suggests that users, as well as authorities, must be prepared to face the consequences because of the out-of-the-blue ban on TikTok and its miraculous restoration within 12 hours. While users should wait patiently to find out the reality around TikTok’s ban, they should also be careful enough before jumping onto another alternative. Also, authorities should pay close attention to TikTok alternatives and check whether or not they are absolutely safe options for users.