Microsoft faulted for preventable Chinese hack

A report released by the US Cyber Safety Review Board on Tuesday blamed Microsoft for a targeted Chinese hack on top government officials’ emails, deeming it ‘preventable’ due to cybersecurity lapses and lack of transparency. The breach, orchestrated by the Storm-0558 hacking group affiliated with China, originated from the compromise of a Microsoft engineer’s corporate account. Microsoft highlighted ongoing efforts to bolster security infrastructure and processes, pledging to review the report for further recommendations.

The board’s report outlined decisions by Microsoft that diminished enterprise security, risk management, and customer trust, prompting recommendations for comprehensive security reforms across all Microsoft products. Last year, the intrusion affected senior officials at the US State and Commerce departments, including Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns, raising concerns about the theft of sensitive emails from prominent American figures.

Despite acknowledging the inevitability of cyberattacks from well-resourced adversaries, Microsoft emphasised its commitment to enhancing system defences and implementing robust security measures. The company highlighted ongoing efforts to fortify systems against cyber threats and enhance detection capabilities to fend off adversarial attacks. The incident underscores the persistent challenges posed by cyber threats and the imperative for technology companies to prioritise cybersecurity measures to safeguard sensitive data and operations against evolving threats.