CISA and FBI Alert for Enhanced Monitoring to Detect Advanced Persistent Threat (APT) Activity

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) published a Joint Cybersecurity Advisory this week to provide guidance to critical infrastructure on enhancing the monitoring of Microsoft Exchange Online environments. By implementing the logging recommendations in this advisory, ECCs can enhance their cyber posture and position themselves to detect similar malicious activity. The specific logging recommendations in this advisory are:

  • Enable Purview Audit (Premium) logging
  • Ensure logs are searchable by operators
  • Enable Microsoft 365 Unified Audit Logging (UAL)
  • If using a cloud solution, understand your ECC’s cloud baseline

ECCs that identify suspicious or anomalous activity should contact Microsoft to proceed with mitigation actions, because the affected infrastructure is cloud-based, and should report the activity to CISA and the FBI.

This Joint Cybersecurity Advisory is available on cisa.gov.