The U.S. Cyber Security Review Board yesterday accused tech giant Microsoft of cybersecurity flaws and a deliberate lack of transparency in China’s hacking of government officials’ emails last year. The board said the incident was “preventable.”
The committee added in its report that it identified a series of decisions by Microsoft that undermined the company’s security, risk management, and customer trust in protecting its data and operations.
The commission was established by US President Joe Biden in 2021 to study the root causes of major hacking incidents.
Storm-0558, a hacker group affiliated with the People’s Republic of China, orchestrated the hack and stole hundreds of thousands of emails from senior U.S. officials, including Secretary of Commerce Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and U.S. Assistant Secretary of State. It is believed that the email was stolen. East Asia Daniel Kritenbrink.
The hackers are believed to have downloaded approximately 60,000 emails from the State Department alone. China has denied the hacking allegations.
Microsoft, for its part, says it has committed resources to conducting security benchmarks.
“While no organization is immune to cyberattacks from resource-rich adversaries, we mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and conduct security benchmarks.” says Microsoft.
The board called on Microsoft to develop and implement security-focused reforms across all products. Microsoft accused Microsoft of making inaccurate statements about the incident, including identifying the cause of the intrusion “when in fact we have not yet.”
Last summer’s alleged hack was one in a series of cyberespionage operations linked to China and Russia that exploit widely used software made by companies such as Microsoft to target U.S. national security interests. Met. Russian hackers allegedly broke into software made by American company SolarWinds in 2020 and stole emails from U.S. government agencies.
With information from Reuters
