U.S. Cyber Safety Review Board: Chinese Hack of US Officials ‘Preventable’ Due to Microsoft’s Cybersecurity Lapses

The U.S. Cyber Safety Review Board asserted on Tuesday that a targeted Chinese hack compromising the emails of top government officials last year was “preventable,” attributing the breach to cybersecurity deficiencies and a lack of transparency on the part of technology giant Microsoft (MSFT.O).

In its report, the board highlighted a series of decisions by Microsoft that diminished enterprise security, risk management, and customer trust, leaving customers' data and operations exposed to threats.

The intrusion, facilitated by the compromise of a Microsoft engineer’s corporate account, was executed by Storm-0558, a hacking group linked to the People’s Republic of China.

In response, Microsoft underscored its commitment to bolstering security measures, mobilizing engineering teams to address infrastructure vulnerabilities and enhance detection capabilities.

The board urged Microsoft to implement security-focused reforms across all its products to mitigate future risks.

Last year, Microsoft disclosed that Storm-0558 infiltrated senior officials’ emails at the U.S. State and Commerce departments, allegedly pilfering hundreds of thousands of emails from prominent American figures, including Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns.