Microsoft Security is Highly Vulnerable to Chinese Hacks, Tech Company Needs Critical Fixes

According to a new report by a government-backed cybersecurity board, Microsoft’s security culture needs improvement, with the tech giant’s lax security measures resulting in a breach by a group of hackers associated with China last summer.

The Cyber Safety Review Board (CSRB), under the US Department of Homeland Security, highlighted a series of “avoidable errors” in Microsoft’s security systems, which allowed hackers from an espionage group linked to the Chinese government, known as Storm-0558, to infiltrate the company’s networks.

The report specifies that the hackers exploited various vulnerabilities in Microsoft’s authentication system, enabling them to access “virtually any Exchange Online account worldwide” due to insufficient protection of signing keys.

Microsoft Logo (Credits: Microsoft)

Consequently, senior US officials, including Commerce Secretary Gina Raimondo, US Ambassador to China R. Nicholas Burns, and Congressman Don Bacon, had their email accounts compromised.

Moreover, Microsoft failed to detect the compromised accounts independently, only becoming aware of the issue when alerted by a customer, as per the report.

Describing the intrusion as preventable, the CSRB emphasized the need for an overhaul of Microsoft’s security culture, given its pivotal role in the technology ecosystem and the trust customers place in its ability to safeguard their data and operations.

Microsoft HQ (Credits: Drew Angerer)

Responding to the findings, a Microsoft spokesperson acknowledged the necessity of a new security engineering culture within the company, emphasizing ongoing efforts to identify and address security vulnerabilities.

Additionally, the CSRB criticized Microsoft for initially misidentifying the root cause of the attack in a September 2023 announcement, with the correction issued only in March 2024, two months after admitting the error to the board.

Given Microsoft’s critical role in national security and the global economy, the CSRB stressed the urgency of addressing security vulnerabilities promptly and comprehensively.

Josh Alba
Josh Alba
Josh Alba stands at the forefront of contemporary business journalism, his words weaving narratives that illuminate the intricate workings of the corporate world. With a keen eye for detail and a penchant for uncovering the underlying stories behind financial trends, Josh has established himself as a trusted authority in business writing. Drawing from his wealth of experience and relentless pursuit of truth, Josh delivers insights that resonate with readers across industries.
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x