US Blames Microsoft For Providing Inadequate Cyber Security

The US Cyber Safety Review Board yesterday blamed technology giant Microsoft for its cybersecurity lapses and a deliberate lack of transparency on the issue of Chinese hacking of top government officials’ emails last year. The board said that the incident was “preventable”.

The board in its report added that it identified a series of decisions taken by Microsoft that had decreased enterprise security, risk management and trust from the customers to protect their data and operations.

The board was set up by US president Joe Biden in 2021 to study the root causes of major hacking incidents.

Storm-0558, a hacking group affiliated with the People’s Republic of China engineered the hacking and is alleged to have stolen hundreds of thousands of emails from top American officials including commerce secretary Gina Raimondo, US ambassador to China Nicholas Burns and assistant secretary of state for East Asia Daniel Kritenbrink.

The hackers are believed to have downloaded about 60,000 emails from the State Department alone. China has denied the hacking allegations.

Microsoft on its part has said that it employed resources to enforce security benchmarks.

“While no organisation is immune to cyberattack from well-resourced adversaries, we have mobilised our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks,” Microsoft said.

The board has asked Microsoft to develop and make security-focused reforms across all its products. It accused Microsoft of making inaccurate statements about the incident including that it had determined the cause of the intrusion “when in fact, it still has not”.

The alleged hack last summer was one of a series of cyber-espionage campaigns tied to China and Russia that have exploited widely used software made by companies like Microsoft to target US national security interests. Russian hackers allegedly infiltrated software made by US firm SolarWinds to steal emails from US government agencies in 2020.

With inputs from Reuters