A US government-backed investigation has determined that a China-sourced hack last year that infiltrated Microsoft’s networks and, subsequently, the email accounts of US officials was “preventable.” A “cascade of security failures at Microsoft” was cited as the catalyst that led to the attack.
The review board found Microsoft responsible for the event because the company failed to secure a critical cryptographic key properly. According to the board’s assessment, Microsoft made a number of choices that eroded consumer trust in the company’s ability to protect consumers’ data and operations, as well as enterprise security and risk management.
The report states that Microsoft’s security culture was inadequate and required an overhaul due to the company’s “centrality in the technology ecosystem.”
The hack made headlines last year when it was discovered that Chinese operatives had access to the unclassified email accounts of high-ranking US diplomats, including US Ambassador to China Nicholas Burns.
According to some sources, the hackers accessed approximately sixty thousand emails.
Not surprisingly, China has thus far denied its involvement in the hack.
The infiltration last summer was just one in a string of cyber-espionage operations linked to Russia and China that have targeted US national security objectives by exploiting popular corporate software. The most well-known incident happened in 2020 when Russian hackers breached the software of US corporation SolarWinds and stole emails from US government organizations.
The board’s recommendation was that Microsoft prioritize security in all its products.
Will we be seeing more of the same or will this be the start of stronger security enforcement?