A scathing federal report released on Tuesday reprimanded Microsoft for security lapses that facilitated a Chinese cyber intrusion into the email accounts of senior US officials, including Commerce Secretary Gina Raimondo, as first reported by The Guardian.
The Cyber Safety Review Board, established by executive order in 2021, criticized Microsoft's cybersecurity practices, corporate culture, and transparency regarding the breach, which impacted multiple US agencies dealing with China.
The report concluded that Microsoft's security culture necessitates a significant overhaul, emphasizing the company's pivotal role in supporting national security, the economy, and public health.
The intrusion, discovered in June and dating back to May, allowed state-backed Chinese hackers to access Microsoft Exchange Online email accounts of 22 organizations and over 500 individuals globally.
Among the victims were high-profile figures such as the US ambassador to China, Nicholas Burns. The hackers could access certain cloud-based email boxes for at least six weeks, during which they downloaded approximately 60,000 emails from the US State Department alone.
Additionally, the breach affected three think tanks and four foreign government entities, including Britain's National Cyber Security Center.
Microsoft's Solution to Chinese Hackers
Microsoft, in response, expressed appreciation for the investigation and pledged to improve its systems against cyber threats. "...continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries."
Recently, VCPost also reported that Microsoft discovered that Chinese hackers were using OpenAI for their activities.
Join the Conversation