Microsoft’s Security Breakdown: Chinese Hacking Group Breaches Defenses
US criticized Microsoft security practices after Chinese hackers breached emails of officials, blasting its "inadequate" security culture. l Source: Stephen Brashear/Getty Images.
Key Takeaways
- A US government report criticizes Microsoft’s “inadequate” security culture.
- This follows a cyberattack impacting US officials’ emails.
- It is not Microsoft’s first encounter with state-sponsored attacks.
The US government has launched a scathing attack on Microsoft’s security culture , holding the company responsible for a cyberattack that compromised the emails of high-ranking officials, including US Commerce Secretary Gina Raimondo.
A newly released report by the Cyber Security Review Board (CSRB) criticizes Microsoft for its “inadequate” security measures. It also highlights the importance of enhanced logging capabilities in preventing such breaches.
US Govt Blasts Microsoft
The company was rebuked for its “inadequate” security culture, with particular criticism directed at a cyberattack last year that granted hackers access to US officials’ emails; An incident deemed preventable by CSRB.
Microsoft did not initially detect the hack. On June 15, 2023, State Department staff observed irregularities in their email systems. This discovery was made possible by the agency’s investment in a premium license that offered enhanced logging capabilities.
Outlined in the report is the practice of charging for enhanced, or premium, logging. This enables Microsoft clients to monitor system activity over time, which is crucial for investigating cyberattacks.
The report also emphasized the importance of audit logging in uncovering cyberattacks. It highlighted a series of security failures at Microsoft that enabled a Chinese state-sponsored hacking group, Storm-0558, to breach the Microsoft Exchange online mailboxes of 22 organizations and over 500 individuals globally, including US Commerce Secretary, Gina Raimondo.
Chinese Hacker In Action
The CSRB started to investigate a 2023 incident in which apparent Chinese hackers breached the email accounts of Raimondo, US Ambassador to China, Nicholas Burns, and Daniel Kritenbrink, the assistant secretary of state for East Asia. They faced the hacking attack before their trip to China in June 2023.
In total, the hackers infiltrated the Microsoft Exchange Online mailboxes of 22 organizations and 503 individuals worldwide. These include officials at the Commerce Department and State Department. As well as Congressman Don Bacon, a member of the House Taiwan Caucus.
According to the CSRB, the threat actor “downloaded approximately 60,000 emails from the State Department alone.”
“This group of hackers affiliated with the People’s Republic of China possesses the capability and intention to compromise identity systems to gain access to sensitive data, including emails of individuals of interest to the Chinese government,” stated CSRB board member Dimitri Alperovitch, who’s also Co-Founder and former CTO of CrowdStrike.
“Cloud service providers must urgently implement these recommendations to protect their customers against this and other persistent and pernicious threats from nation-state actors,” he said.
Microsoft Problems With Cybersecurity
The emphasis on Microsoft issues in cybersecurity is notable, especially considering its longstanding importance in the security community. But the issue with the US government is not the first time Microsoft has encountered attacks from Chinese hackers
Last year, Microsoft’s cybersecurity division disclosed that a China-based hacker group known as ‘Flax Typhoon’ had targeted numerous Taiwanese government agencies, likely for espionage purposes.
Since mid-2021, the Flax Typhoon group has focused its efforts on government agencies, educational institutions, vital manufacturing companies, and telecommunication companies (TLCs) in Taiwan. Their observed activities indicate an intent to engage in espionage and maintain access across various sectors for an extended duration.
Microsoft has also faced challenges from Russian cyber attackers in the past. Microsoft‘s security team recently uncovered a sophisticated cyberattack perpetrated by Midnight Blizzard – the well-known Russian State-sponsored actor linked to Russian foreign intelligence services.
This attack, which commenced in late November 2023, utilized a password spray attack to target a non-production, legacy test tenant account within Microsoft’s enterprise systems. Although the number of compromised corporate email accounts was relatively small, it impacted senior executives and critical departments, including cybersecurity and legal.
Microsoft Quietly Retracts Copilot Feature from Windows Server 2025
