A “series of errors” by tech giant Microsoft gave Chinese hackers access to the email accounts of senior U.S. officials, a scathing report has revealed.
The Biden-appointed Cyber Security Review Board (CSRB) said it found “operational and strategic decisions” led to the July breach.
The report released Tuesday outlined Microsoft’s failures, including substandard cybersecurity practices, a lax corporate culture, and a lack of honesty about knowledge of targeted breaches.
The review committee also made recommendations to the trillion-dollar company to prevent a disaster of this scale from happening again.
The report concluded that Microsoft’s security culture was “inadequate” and “in need of an overhaul” and said the company considered the intrusion “preventable” and “never”. Condemned.
“The Board of Directors has developed a plan that includes a concrete timeline for the CEO and Board to directly focus on the company’s security culture and make fundamental security-focused changes across the company and product suite. We believe that Microsoft’s customers will benefit from developing and sharing this publicly,”’ the review committee wrote.
Microsoft also said it still doesn’t know how the hackers got in. According to the Associated Press.
“While no organization is immune to cyberattacks from resource-rich adversaries, we mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and conduct security benchmarks.” said a Microsoft spokesperson in a statement.
The company added that it “continues to harden all systems against attacks and implements more robust sensors and logs to detect and defeat enemy cyber forces.”
In July, Storm-0558, a China-based espionage threat actor, compromised the emails of a total of 22 organizations and more than 500 people worldwide, including US Ambassador to China Nicholas Burns .
Microsoft said in a blog post that the same group has been targeting companies such as Google, Yahoo, Adobe, Dow Chemical, and Morgan since at least 2009 with similar intrusions (compromising cloud providers, stealing authentication keys and creating accounts). He said that he had carried out activities such as infiltrating the Stanley.
