US cyber report claims Microsoft could have stopped Chinese cloud hack

TLDR:

  • A US Cyber Safety Review Board report found that Microsoft could have prevented Chinese hackers from breaching US government emails through its Microsoft Exchange Online software.
  • The hack was described as a “cascade of security failures” at Microsoft, allowing Chinese state-sponsored hackers access to online email inboxes of 22 organizations.

A new report from the US Cyber Safety Review Board has concluded that Microsoft could have prevented Chinese hackers from breaching US government emails through its Microsoft Exchange Online software. The incident, which allowed Chinese state-sponsored hackers to access online email inboxes of 22 organizations, affected more than 500 people, including US government employees working on national security. The report found that the hack was “preventable” and that decisions made within Microsoft contributed to a corporate culture that deprioritized enterprise security investments and rigorous risk management.

The hackers used an acquired Microsoft account (MSA) consumer key to forge tokens to access Outlook on the web (OWA) and Outlook.com. Microsoft admitted in November that its initial theory of how the key was stolen was inaccurate, and corrected it only in March after repeated questioning from the Cyber Safety Review Board. The board concluded that Microsoft’s security culture needs an overhaul to prevent such intrusions in the future.

This report comes as Microsoft faces ongoing cybersecurity attacks from Russian state-sponsored hackers. In response, Microsoft has launched its Copilot for Security, an AI-powered chatbot for cybersecurity professionals. The company is also working on its Secure Future Initiative (SFI) to overhaul how it designs, builds, tests, and operates its software and services. This initiative is the biggest change to Microsoft’s security efforts since the introduction of its Security Development Lifecycle in 2004.
