Info@NationalCyberSecurity

Microsoft’s security culture was inadequate and needs overhaul, says the US government report on Chinese hacking


A Biden administration-appointed review board has slammed Microsoft for the Chinese hacking attack last year. In a scathing indictment of Microsoft corporate security and transparency, the report said that “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior US officials including Commerce Secretary Gina Raimondo.

According to a report by news agency AP, the Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach.

The report is said to have concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem. Microsoft products “underpin essential services that support national security, the foundations of our economy, and public health and safety.”

Report: A cascade of avoidable errors led to the Chinese hacking
In its report, the panel said that the intrusion “was preventable and should never have occurred,” blaming its success on “a cascade of avoidable errors.” The board further said that Microsoft still doesn’t know how the hackers got in.

In its recommendations, the panel urged Microsoft to put on hold adding features to its cloud computing environment until “substantial security improvements have been made.” It further asked Microsoft CEO Satya Nadella and the board to institute “rapid cultural change” including publicly sharing “a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products.”

What Microsoft said on the report
Responding to the report, Microsoft said in a statement that it appreciated the board’s investigation and would “continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries.”

To recall, state-backed Chinese hackers broke into the Microsoft Exchange Online email of 22 organisations and more than 500 individuals around the world, including the US ambassador to China, Nicholas Burns. The 34-page report claimed that the attack affected multiple US agencies that deal with China. Hackers are said to have accessed some cloud-based email boxes for at least six weeks and downloaded over 60,000 emails from the State Department alone. The Chinese hack was initially disclosed in July 2023 by Microsoft in a blog post and was carried out by a group the company calls Storm-0558.

Microsoft noted in its statement that the hackers involved are “well-resourced nation state threat actors who operate continuously and without meaningful deterrence.”
