A series of Microsoft errors allowed Chinese hackers to break into the email accounts of high-ranking US officials

Microsoft still doesn't know how the hackers broke into the email accounts

9582 views 33 reactions 0 comment(s)
Illustration, Photo: Reuters
Illustration, Photo: Reuters
Disclaimer: The translations are mostly done through AI translator and might not be 100% accurate.

A series of mistakes by the technology giant Microsoft allowed Chinese hackers, supported by their state, to break into the email accounts of high-ranking US officials, including Commerce Secretary Gina Raimondo, according to a White House special committee report.

The Cybersecurity Review Board, established by a 2021 executive order, describes poor cybersecurity practices, a weak corporate culture and a lack of candor about Microsoft's knowledge of the hack, which affected multiple US services dealing with China.

Microsoft's security culture "was inadequate and requires review," given the company's ubiquity and important role in the global technology ecosystem, the report concluded.

The board said the intrusion last May, which the State Department disclosed in June, could have been prevented and "never should have happened," adding that the Chinese hackers' success was due to "a cascade of errors that could have been avoided." ".

Moreover, the Board said, Microsoft still does not know how the hackers got into the email accounts.

The board released sweeping recommendations, including a call for Microsoft to delay adding features to its cloud computing environment "until significant security improvements are implemented."

Microsoft's CEO and board of directors, it said, should implement "rapid corporate culture change," including publicly sharing "a time-bound plan to implement fundamental security-focused reforms across the company and its entire suite of products."

Microsoft said it appreciates the board's investigation and will "continue to harden all of its anti-attack systems and deploy even more sensitive sensors to help detect and repel adversary cyber armies."

State-backed Chinese hackers broke into the email accounts of 22 organizations and more than 500 individuals around the world, including US Ambassador to China Nicholas Burns, and downloaded 60.000 emails from the State Department alone, according to the 34-page report.

Among those compromised were three research centers and foreign government entities, including numerous British organizations, the report said.

A panel convened in August by US Homeland Security Secretary Alejandro Majorkas accused Microsoft of making inaccurate public statements about the case, including a statement in which the company said it believed it had identified the likely root cause of the intrusion, when in fact it had not.

As of mid-March, Microsoft had not updated the misleading blog post, published in September, despite the Board repeatedly asking whether it planned to correct it, the report said.

Bonus video: