Microsoft committed a “cascade” of “avoidable errors” that allowed Chinese hackers to breach the tech giant’s network and later the email accounts of senior US officials last year, including the secretary of commerce, a scathing US government-backed review of the incident has found.
According to a study issued on Tuesday by the US Cyber Safety Review Board (CSRB), a team of public and commercial cybersecurity specialists under the direction of the Department of Homeland Security, the intrusion “was preventable and should never have occurred.” Joe Biden established it in 2021 with the goal of determining the underlying reasons of significant hacking attacks.
The review board also criticized Microsoft (MSFT) for failing to sufficiently secure a critical cryptographic key, which enabled the hackers to remotely access their targets’ Outlook accounts by spoofing login information.
Given Microsoft’s “centrality in the technology ecosystem,” the research concludes that “Microsoft’s security culture was inadequate and requires an overhaul.”
On the eve of Secretary of State Antony Blinken’s high-profile visit to China in June of last year, the attack rocked Washington and provided Chinese operatives with access to the unclassified email accounts of senior US diplomats, including US Ambassador to China Nicholas Burns, CNN has reported.
About 60,000 emails from the State Department alone were taken by the hackers, according to department spokesperson Matthew Miller.
In addition, Secretary of Commerce Gina Raimondo has revealed that the hackers gained access to her email account prior to her August trip to China.
China has refuted the claims of hacking.
In November, Microsoft announced that, in response to the purported Chinese hacking incident and congressional examination of its security procedures, it will strengthen its software development and user protection security policies.
A Microsoft representative told CNN on Tuesday, “We appreciate the work of the [Cyber Safety Review Board] to investigate the impact of well-resourced nation state threat actors who operate continuously and without meaningful deterrence.”
The letter went on to say that Microsoft “mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks.” To assist us in identifying and thwarting the cyber-armies of our enemies, “Our security engineers are working nonstop to harden all of our systems against attack and to implement even more robust sensors and logs.”
According to the spokeswoman, Microsoft will examine the board’s suggestions.
The purported attack from last summer was only one of many cyber-espionage operations connected to China and Russia that have targeted US national security objectives by taking advantage of widely used software produced by corporations like Microsoft. According to reports, in 2020, Russian hackers broke into software developed by US company SolarWinds and stole emails belonging to US federal organizations.
“With its IT service providers, the US government has reached a decision point: more of the same or better cybersecurity,” stated Cory Simpson, the CEO of the think tank Institute for Critical Infrastructure Technology.
Simpson told, “I hope the US government uses this CSRB report as a call to action for meaningful change in its longstanding relationship with Microsoft.”
Connect with us for the Latest, Current, and Breaking News news updates and videos from thefoxdaily.com. The most recent news in the United States, around the world , in business, opinion, technology, politics, and sports, follow Thefoxdaily on X, Facebook, and Instagram .