Government Report Condemns Microsoft Over Chinese Hacking Incidents

Microsoft really blew it, says government report on Chinese hacks

A new report from a government-backed cybersecurity board criticizes Microsoft’s security culture, highlighting areas in need of improvement.

The US Department of Homeland Security recently released a scathing report from the Cyber Safety Review Board (CSRB) criticizing Microsoft’s security practices. The report highlights how Microsoft’s inadequate security measures facilitated a breach by a group of hackers associated with the Chinese government last summer. According to the report, the hackers, identified as Storm-0558, exploited vulnerabilities in Microsoft’s authentication system, granting them access to numerous Exchange Online accounts worldwide, including those of senior US officials like Commerce Secretary Gina Raimondo, United States Ambassador to China R. Nicholas Burns, and Congressman Don Bacon.

The CSRB points out that Microsoft failed to adequately safeguard signing keys, which allowed the hackers to compromise email accounts undetected. Microsoft only became aware of the breach when a customer reported an issue, indicating a lack of proactive security measures.

In its report, the CSRB unequivocally states that the intrusion was preventable and criticizes Microsoft’s security culture as inadequate. The board calls for a significant overhaul of Microsoft’s security practices, emphasizing the company’s pivotal role in the technology ecosystem and the trust customers place in it to protect their data and operations.

Responding to the report, a Microsoft spokesperson acknowledged the need for a new security-focused engineering culture within the company. Microsoft emphasized its efforts to address legacy infrastructure, enhance processes, and enforce security standards to mitigate cyber threats.

Furthermore, the CSRB rebuked Microsoft for initially misidentifying the root cause of the attack in September 2023 and not correcting the announcement until March 2024.

Given Microsoft’s essential role in national security and the global economy, the CSRB emphasizes the urgent need for Microsoft to swiftly and substantially address its security vulnerabilities.

By Zain Kirmani

Zain Hassan is a passionate writer and expert in the realms of cybersecurity and ethical hacking. With a keen interest in technology from a young age, Zain's journey into the world of cybersecurity began with an insatiable curiosity about how systems worked and a desire to understand the intricacies of digital security.
