USA

Microsoft could have stopped Chinese hackers, report says

A “cascade of errors” by tech giant Microsoft led to Chinese hackers accessing the email accounts of senior US officials, a scathing report has revealed.

The Cyber ​​Safety Review Board (CSRB), appointed by Biden, said it found that “operational and strategic decisions” led to the July breach.

A “cascade of errors” by tech giant Microsoft led to Chinese hackers accessing the email accounts of senior US officials, a scathing report into the incident has revealed. Getty Images

The report released Tuesday highlights Microsoft’s failures, including its poor cybersecurity practices, lax corporate culture and lack of sincerity about knowing about a targeted breach.

The review panel also made recommendations to the billion-dollar company to prevent a disaster of this magnitude from happening again.

It concluded that Microsoft’s security culture was “inadequate” and “required an overhaul” and the company was criticized for what it considered a “preventable” intrusion that “should never have happened.”

“The Board believes that Microsoft customers would benefit from a CEO and Board of Directors who focus directly on the company’s security culture and develop and publicly share a plan with specific timelines for Undertaking fundamental security-focused reforms across the entire company and its full product line. ” the review board wrote.

He also revealed that Microsoft still doesn’t know how the hackers got in, according to AP.

“While no organization is safe from a cyberattack from well-resourced adversaries, we have mobilized our engineering teams to identify and mitigate existing infrastructure, improve processes and apply security criteria ” a Microsoft spokesperson said in a statement.


image of a hacker
In July, Storm-0558, a China-based threat actor with espionage objectives, penetrated the emails of a total of 22 organizations and more than 500 individuals around the world, including the U.S. ambassador to China, Nicholas Burns. Shutterstock

The company added that it would “continue to harden all of our systems against attacks and implement even more robust sensors and logs to help us detect and repel our adversaries’ cyber armies.”

In July, Storm-0558, a China-based threat actor with espionage objectives, penetrated the emails of a total of 22 organizations and more than 500 individuals around the world, including the U.S. ambassador to China, Nicholas Burns.

In a blog post, Microsoft said the same group had engaged in similar intrusions – compromising cloud providers or stealing authentication keys to gain access to accounts – since at least 2009, targeting companies like as Google, Yahoo, Adobe, Dow Chemical and Morgan. Stanley.

New York Post

Back to top button