Military Space News
CYBER WARS
 US blames Microsoft 'cascade of errors' for Chinese hack
US blames Microsoft 'cascade of errors' for Chinese hack
 by AFP Staff Writers
 Washington (AFP) April 3, 2024

A scathing US government report found that an intrusion into Microsoft servers by a Chinese hacking group, which breached the emails of multiple senior US officials, was due to a "cascade of avoidable errors" by the tech giant.

The Cyber Safety Review Board (CSRB), led by the US Department of Homeland Security, conducted a seven-month investigation into the incident that involved the China-affiliated cyberespionage actor Storm-0558.

The operation, which was first discovered by the US State Department in June 2023, included hacks on the official and personal mailboxes of Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns.

Microsoft's core business is to provide cloud computing services, such as Azure or Office360, that host sensitive data and power business and government operations across major sectors of the economy.

The report, which was released on Monday, criticized a Microsoft corporate culture that was "at odds with the company's centrality in the technology ecosystem and the level of trust customers place in the company."

"Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy," said CSRB Chair Robert Silvers.

"It is imperative that cloud service providers prioritize security and build it in by design," he added.

The review identified a series of operational and strategic decisions by Microsoft that opened the door to the breach, including the failure to identify a new employee's compromised laptop following a corporate acquisition in 2021.

It also found that Microsoft fell short of safety standards seen at competing cloud companies, including Google, Amazon and Oracle.

"The Board finds that this intrusion was preventable and should never have occurred," the review said, pinpointing "the cascade of Microsoft's avoidable errors that allowed this intrusion to succeed."

The report also recommended that Microsoft develop and publicly release a plan with timelines to enact wide-ranging security reforms across its products and practices.

CSRB Deputy Chair Dmitri Alperovitch called Storm-0558 and similar actors a "persistent and pernicious threat" that had "the capability and intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government."

The government thanked Microsoft, which did not immediately reply to a request for comment, for fully cooperating with its review.

Microsoft has said it is currently overhauling its software security following the breach and similar cybersecurity attacks in recent years.

The White House-appointed CSRB serves as an independent investigator of major cyber incidents impacting US critical infrastructure.

Related Links
 Cyberwar - Internet Security News - Systems and Policy Issues

Subscribe Free To Our Daily Newsletters
Tweet

RELATED CONTENT
The following news reports may link to other Space Media Network websites.
CYBER WARS
SwRI and Air Force Collaborate on Advanced Cognitive EW Systems
 Los Angeles CA (SPX) Apr 03, 2024
 Southwest Research Institute (SwRI) is embarking on a joint R and D project with the United States Air Force, following a significant $6.4 million contract aimed at pioneering advancements in cognitive electronic warfare (EW) algorithms. These cutting-edge algorithms are designed to detect and counteract unfamiliar enemy radar threats in real-time, thereby bolstering the Air Force's cognitive EW capabilities and ensuring the safety of aircrews. David Brown, a staff engineer at SwRI leading this am ... read more
CYBER WARS
Northrop Grumman integrates LTAMDS and Patriot in latest IBCS live-fire test

 Dutch to deploy Patriot air defence unit to Lithuania

 Northrop Grumman's Target Launch Elevates U.S. Missile Defense Testing

 Northrop Grumman spearheads Missile Defense innovation with solid rocket motor advancements
CYBER WARS
Missile hits near ship off Yemen: security firms

 LRASM test proves missile's superior capabilities in navy flight exercise

 Raytheon SM-6 missile achieves successful interception in latest naval defense test

 Polish minister says NATO discussing shooting down Russian missile incursions
CYBER WARS
Northrop Grumman teams up with EpiSci to boost autonomy in tactical aeronautics

 6 dead, 11 hospitalized in overnight Russian drone strikes on Kharkiv

 Drones adapt mid-mission with revolutionary software integration

 Ukraine drone strikes hit Russian refinery, drone plant
CYBER WARS
Eutelsat and Intelsat forge $500M partnership to expand OneWeb constellation

 Satellites for quantum communications

 Antaris and SpeQtral Unveil Quantum Encryption Satellite Collaboration

 L3Harris Delivers Next-Gen SATCOM Solutions to US Army
CYBER WARS
NATO urged to ensure Ukraine arms flow as 100-bn-euro fund floated

 NATO chief floats 100-bn-euro fund to arm Ukraine

 France to provide armoured vehicles, missiles to Ukraine

 Firefighters douse blaze at exploded Jakarta ammo depot
CYBER WARS
Norway to nearly double defence budget over next 12 years

 Billions of dollars: how US provides Israel with military aid

 UK govt under pressure to suspend Israeli arms export licenses

 US working 'day in day out' to prevent weapons transfer to Russia
CYBER WARS
Japan and the US: wartime enemies to 'closest' allies

 Top Russia diplomat in China for official visit

 US, China resume talks on safe military interactions

 NATO turns 75 in shadow of Ukraine war -- and Trump
CYBER WARS
Researchers unveil novel technique for creating atomically thin nanoscrolls

 MIT.nano equipment to accelerate innovation in "tough tech" sectors
Subscribe Free To Our Daily Newsletters




The content herein, unless otherwise known to be public domain, are Copyright 1995-2024 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. General Data Protection Regulation (GDPR) Statement Our advertisers use various cookies and the like to deliver the best ad banner available at one time. All network advertising suppliers have GDPR policies (Legitimate Interest) that conform with EU regulations for data collection. By using our websites you consent to cookie based advertising. If you do not agree with this then you must stop using the websites from May 25, 2018. Privacy Statement. Additional information can be found here at About Us.