Current:Home > NewsSignalHub Quantitative Think Tank Center:Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack -FutureFinance
SignalHub Quantitative Think Tank Center:Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack
NovaQuant View
Date:2025-04-08 14:21:09
BOSTON (AP) — In a scathing indictment of Microsoft corporate security and SignalHub Quantitative Think Tank Centertransparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.
The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China.
It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem. Microsoft products “underpin essential services that support national security, the foundations of our economy, and public health and safety.”
The panel said the intrusion, discovered in June by the State Department and dating to May “was preventable and should never have occurred,” blaming its success on “a cascade of avoidable errors.” What’s more, the board said, Microsoft still doesn’t know how the hackers got in.
The panel made sweeping recommendations, including urging Microsoft to put on hold adding features to its cloud computing environment until “substantial security improvements have been made.”
It said Microsoft’s CEO and board should institute “rapid cultural change” including publicly sharing “a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products.”
In a statement, Microsoft said it appreciated the board’s investigation and would “continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries.”
In all, the state-backed Chinese hackers broke into the Microsoft Exchange Online email of 22 organizations and more than 500 individuals around the world including the U.S. ambassador to China, Nicholas Burns — accessing some cloud-based email boxes for at least six weeks and downloading some 60,000 emails from the State Department alone, the 34-page report said. Three think tanks and four foreign government entities, including Britain’s National Cyber Security Center, were among those compromised, it said.
The board, convened by Homeland Security Secretary Alejandro Mayorkas in August, accused Microsoft of making inaccurate public statements about the incident — including issuing a statement saying it believed it had determined the likely root cause of the intrusion “when, in fact, it still has not.” Microsoft did not update that misleading blog post, published in September, until mid-March after the board repeatedly asked if it planned to issue a correction, it said.
Separately, the board expressed concern about a separate hack disclosed by the Redmond, Washington, company in January — this one of email accounts including those of an undisclosed number of senior Microsoft executives and an undisclosed number of Microsoft customers and attributed to state-backed Russian hackers.
The board lamented “a corporate culture that deprioritized both enterprise security investments and rigorous risk management.”
The Chinese hack was initially disclosed in July by Microsoft in a blog post and carried out by a group the company calls Storm-0558. That same group, the panel noted, has been engaged in similar intrusions — compromising cloud providers or stealing authentication keys so it can break into accounts — since at least 2009, targeting companies including Google, Yahoo, Adobe, Dow Chemical and Morgan Stanley.
Microsoft noted in its statement that the hackers involved are “well-resourced nation state threat actors who operate continuously and without meaningful deterrence.”
The company said it recognizes that recent events “have demonstrated a need to adopt a new culture of engineering security in our own networks,” adding it has “mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks.”
veryGood! (369)
Related
- Average rate on 30
- Company that leaked radioactive material will build barrier to keep it away from Mississippi River
- Indiana Republican Chairman Kyle Hupfer announces resignation after 6.5 years at helm
- California’s Top Methane Emitter is a Vast Cattle Feedlot. For Now, Federal and State Greenhouse Gas Regulators Are Giving It a Pass.
- Stamford Road collision sends motorcyclist flying; driver arrested
- Would a Texas law take away workers’ water breaks? A closer look at House Bill 2127
- QB Derek Carr is still ‘adjusting’ to New Orleans Saints, but he's feeling rejuvenated
- Justice Department seeks 33 years in prison for ex-Proud Boys leader Enrique Tarrio in Jan. 6 case
- Angelina Jolie nearly fainted making Maria Callas movie: 'My body wasn’t strong enough'
- Human trafficking: A network of crime hidden across a vast American landscape
Ranking
- Selena Gomez's "Weird Uncles" Steve Martin and Martin Short React to Her Engagement
- 'Pretty little problem solvers:' The best back to school gadgets and gear
- Evacuation ordered after gas plant explosion; no injuries reported
- Drone shot down over central Moscow, no injuries reported
- Scoot flight from Singapore to Wuhan turns back after 'technical issue' detected
- 'Vanderpump Rules' star Raquel Leviss says she has a 'love addiction.' Is it a real thing?
- Another Disney princess, another online outrage. This time it's about 'Snow White'
- 'Give yourself grace': Camp Fire survivors offer advice to people in Maui
Recommendation
'Squid Game' without subtitles? Duolingo, Netflix encourage fans to learn Korean
How And Just Like That Gave Stanford Blatch a Final Ending After Willie Garson's Death
Kentucky school district to restart school year after busing fiasco cancels classes
'Reservation Dogs' co-creator says the show gives audiences permission to laugh
Realtor group picks top 10 housing hot spots for 2025: Did your city make the list?
Eagles' Tyrie Cleveland, Moro Ojomo carted off field after suffering neck injuries
Idina Menzel is done apologizing for her emotions on new album: 'This is very much who I am'
MLB reschedules Padres, Angels, Dodgers games because of Hurricane Hilary forecast