Energy News
CYBER WARS
 US blames Microsoft 'cascade of errors' for Chinese hack
US blames Microsoft 'cascade of errors' for Chinese hack
 by AFP Staff Writers
 Washington (AFP) April 3, 2024

A scathing US government report found that an intrusion into Microsoft servers by a Chinese hacking group, which breached the emails of multiple senior US officials, was due to a "cascade of avoidable errors" by the tech giant.

The Cyber Safety Review Board (CSRB), led by the US Department of Homeland Security, conducted a seven-month investigation into the incident that involved the China-affiliated cyberespionage actor Storm-0558.

The operation, which was first discovered by the US State Department in June 2023, included hacks on the official and personal mailboxes of Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns.

Microsoft's core business is to provide cloud computing services, such as Azure or Office360, that host sensitive data and power business and government operations across major sectors of the economy.

The report, which was released on Monday, criticized a Microsoft corporate culture that was "at odds with the company's centrality in the technology ecosystem and the level of trust customers place in the company."

"Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy," said CSRB Chair Robert Silvers.

"It is imperative that cloud service providers prioritize security and build it in by design," he added.

The review identified a series of operational and strategic decisions by Microsoft that opened the door to the breach, including the failure to identify a new employee's compromised laptop following a corporate acquisition in 2021.

It also found that Microsoft fell short of safety standards seen at competing cloud companies, including Google, Amazon and Oracle.

"The Board finds that this intrusion was preventable and should never have occurred," the review said, pinpointing "the cascade of Microsoft's avoidable errors that allowed this intrusion to succeed."

The report also recommended that Microsoft develop and publicly release a plan with timelines to enact wide-ranging security reforms across its products and practices.

CSRB Deputy Chair Dmitri Alperovitch called Storm-0558 and similar actors a "persistent and pernicious threat" that had "the capability and intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government."

The government thanked Microsoft, which did not immediately reply to a request for comment, for fully cooperating with its review.

Microsoft has said it is currently overhauling its software security following the breach and similar cybersecurity attacks in recent years.

The White House-appointed CSRB serves as an independent investigator of major cyber incidents impacting US critical infrastructure.

Related Links
 Cyberwar - Internet Security News - Systems and Policy Issues

Subscribe Free To Our Daily Newsletters
Tweet

RELATED CONTENT
The following news reports may link to other Space Media Network websites.
CYBER WARS
SwRI and Air Force Collaborate on Advanced Cognitive EW Systems
 Los Angeles CA (SPX) Apr 03, 2024
 Southwest Research Institute (SwRI) is embarking on a joint R and D project with the United States Air Force, following a significant $6.4 million contract aimed at pioneering advancements in cognitive electronic warfare (EW) algorithms. These cutting-edge algorithms are designed to detect and counteract unfamiliar enemy radar threats in real-time, thereby bolstering the Air Force's cognitive EW capabilities and ensuring the safety of aircrews. David Brown, a staff engineer at SwRI leading this am ... read more
CYBER WARS
Atmospheric observations in China show rise in emissions of a potent greenhouse gas

 The Dry Sky: Envisioning the Future of Human-Altered Atmospheric Water Cycles

 SI Imaging readies ultra-high-resolution satellite SpaceEye-T for launch

 Satellite Image Fusion enhances vegetation monitoring accuracy
CYBER WARS
GMV Spearheads ESA's Mission to Revolutionize Satellite Navigation with LEO Technology

 Aerospacelab and Xona Unite to Transform Satellite Navigation

 Genesis will measure Earth in millimetric detail from space

 Genesis and LEO-PNT: Pioneering the future of precision navigation
CYBER WARS
Despite gains in Brazil, forest destruction still 'stubbornly' high: report

 Europe's overlooked Aspen forests: key to enhancing biodiversity and climate resilience

 Presidents of Brazil, France announce green investment plan on Amazon visit

 Planting trees in wrong places heats the planet: study
CYBER WARS
Transforming CO2 into green fuel with innovative sunlight-powered catalyst

 Turning CO2 into Methanol at Room Temperature

 Tripling the US Bioeconomy: The Billion-Ton Report's Blueprint for Sustainable Biomass

 Greenhouse gas repurposed in University of Auckland experiments
CYBER WARS
Skydweller Aero conducts first solar-powered autonomous flight in the US

 ABC Solar Overcomes LA County Permit Hurdles, Paving Way for Solar Progress

 Solar-powered breakthrough at UNIST paves the way for green hydrogen future

 EU probes Chinese-owned solar panel firms over subsidies
CYBER WARS
Swedish-Belgian group wins Norway's first offshore wind license

 Wind-powered Dutch ship sets sail for greener future

 Leaf-shaped generators create electricity from the wind and rain

 European offshore wind enjoys record year in 2023
CYBER WARS
New US climate envoy wants China to speed up coal transition

 Indonesia vastly under-reports methane emissions from coal: report

 Biden admin. dedicates $74M to abandoned Kentucky coal mine cleanup

 Polluted paradise: Chile town waits for cleanup as coal shuts off
CYBER WARS
US to restrict visas for 'multiple' Hong Kong officials

 US outlet Radio Free Asia closes Hong Kong office over security law fears

 Hong Kong scraps early release for national security convicts

 China tries to block NGO tribute to dead dissident at UN
Subscribe Free To Our Daily Newsletters




The content herein, unless otherwise known to be public domain, are Copyright 1995-2024 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. General Data Protection Regulation (GDPR) Statement Our advertisers use various cookies and the like to deliver the best ad banner available at one time. All network advertising suppliers have GDPR policies (Legitimate Interest) that conform with EU regulations for data collection. By using our websites you consent to cookie based advertising. If you do not agree with this then you must stop using the websites from May 25, 2018. Privacy Statement. Additional information can be found here at About Us.