Microsoft Criticized for Oversight Leading to Chinese Hackers Breaching US Officials’ Emails


A recent review commissioned by the US government has revealed critical oversights on Microsoft’s part, leading to a significant breach by Chinese hackers into the company’s network and subsequently into the email accounts of senior US officials. The report, released by the US Cyber Safety Review Board (CSRB), highlighted a series of preventable errors by Microsoft, asserting that the breach could have been avoided altogether. The review particularly pinpointed Microsoft’s failure to adequately safeguard a crucial cryptographic key, enabling hackers to illicitly access targets’ Outlook accounts by forging credentials remotely.

Microsoft’s Negligence Towards Security

The report underscored the necessity for a fundamental overhaul of Microsoft’s security culture, emphasizing the company’s pivotal role in the technology ecosystem. This breach, which occurred last year, had far-reaching consequences, including unauthorized access to the unclassified email accounts of senior US diplomats, such as the US Ambassador to China and the Secretary of Commerce. Around 60,000 emails from the State Department alone were compromised. Despite allegations, China has denied involvement in the hacking.

In response to the findings, Microsoft pledged to enhance its security practices, acknowledging the persistent threats posed by nation-state actors. The company vowed to strengthen its infrastructure, refine processes, and enforce stricter security measures to thwart future cyber-attacks effectively. Microsoft expressed gratitude towards the Cyber Safety Review Board for its investigation and indicated its commitment to review and implement the board’s recommendations.

This incident underscores broader concerns regarding cyber-espionage campaigns targeting US national security interests, echoing previous breaches linked to other state actors like Russia. As experts emphasize the need for decisive action, the report serves as a wake-up call for both Microsoft and the US government to prioritize and enact substantial cybersecurity improvements.