back to top
Friday, April 12, 2024
Cryptonoyz, crypto news
HomeGuidesBuying GuidesUS accuses Microsoft of negligence after Chinese cyberattack

US accuses Microsoft of negligence after Chinese cyberattack

The United States returns to the cyberattack carried out by China against Microsoft Outlook. According to the US government, Chinese hackers were only able to orchestrate the attack thanks to the company’s negligence in cybersecurity.

Last summer, Microsoft revealed that it had been hacked by a gang of Chinese hackers. Cybercriminals, financed by Beijing, managed to penetrate into 22 email accounts Microsoft Exchange Online. Once inside the system, they were able to spy on emails exchanged by US government agencies, such as the Departments of Commerce and State. More than 500 government employees, including individuals responsible for national security, were affected. According to Microsoft, the hackers exploited a flaw in Microsoft Azure, the group’s cloud service.

Also read: the United States offers ten million dollars to flush out BlackCat pirates

The United States blames Microsoft

A few months after the events, the US Department of Homeland Security estimated that Microsoft had proof of negligence. According to a report published on April 2, 2024, the American giant could have avoided the intrusion of hackers. After having “conducted interviews with 20 organizations and experts, including cybersecurity companies, technology companies, law enforcement organizations, security researchers, academics”the department accuses Microsoft of making poor cybersecurity decisions.

The report is based on an analysis of Cyber ​​Safety Review Board (CSRB)an American body that focuses on US computer security, which just published its findings regarding the case a few days ago.

According to the Homeland security report, Microsoft took “a series of operational and strategic decisions” who created “a corporate culture” who does not give “prioritizing security investments” and “rigorous risk management”. These shortcomings are in contradiction with the importance of Microsoft in the technology sector and “the level of trust that customers place in the company to protect their data”. Microsoft’s corporate culture would therefore be “inadequate and requires overhaul”tackles the Cyber ​​Safety Review Board.

Experts also regret that Microsoft has not managed to go back with certainty to the origin of the attack. The American publisher was unable to discover how the hackers stole the signing key that made it possible to generate “authentication tokens” dummy. Microsoft is content to put forward a hypothesis according to which “operational errors” led to the leak of the key. This would have been exposed as part of a debugging operation through the use of a compromised upstream engineer account.

An attack attributed to China

In the process, the Homeland Security report confirms the responsibility of Chinese hackers in the “brazen intrusion” that occurred last summer. It is indeed a “hacker group affiliated with the People’s Republic of China” who is behind the cyberattack. This gang has “the ability and intent to compromise identity systems to access sensitive data” by order of the Chinese government.

This is not the only offensive carried out by Chinese hackers against the United States. According to the US administration, China has carried out myriad cyberespionage operations targeting the country’s infrastructure. An accusation which was promptly denied by Beijing.

Source :

The Verge

Mark Tyson
Mark Tyson
Freelance News Writer. Always interested in the way in which technology can change people's lives, and that is why I also advise individuals and companies when it comes to adopting all the advances in Apple devices and services.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Fresh