Home > Latest News > US Report Calls For ‘Fundamental, Security-Focused Reforms’ Across Microsoft

US Report Calls For ‘Fundamental, Security-Focused Reforms’ Across Microsoft

US White House

A scathing US report by a White House-mandated group, the Cyber Safety Review Board (CSRB), has found that Microsoft had cyber practices in place that left it susceptible to an intrusion.

The board conducted an independent review of the Summer 2023 Microsoft Exchange Online intrusion by Storm-0558, a hacking group assessed to be affiliated with the People’s Republic of China.

As part of its investigation, the CSRB said that it “obtained data from and conducted interviews with 20 organizations and experts including cybersecurity companies, technology companies, law enforcement organizations, security researchers, academics, as well as several impacted organizations.”

It added that the intrusion was “preventable” and identified “a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritised enterprise security investments and rigorous risk management.”

Computer code

It further recommended that Microsoft develop and publicly share a plan with specific timelines “to make fundamental, security-focused reforms across the company and its suite of products.”

CSRB Acting Deputy Chair Dmitri Alperovitch said, “The threat actor responsible for this brazen intrusion has been tracked by [the] industry for over two decades and has been linked to 2009 Operation Aurora and 2011 RSA SecureID compromises.

“This People’s Republic of China affiliated group of hackers has the capability and intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government. Cloud service providers must urgently implement these recommendations to protect their customers against this and other persistent and pernicious threats from nation-state actors.”

You may also like
Updated GPT-4 Turbo Rolled Out For Paid ChatGPT Users
Qualcomm Announces Breakthrough Wifi Technology for IOT Connectivity (Image: Sourced from Qualcomm Newsroom)
Qualcomm Announces Breakthrough Wifi Technology for IOT Connectivity
TSMC (Image: Sourced from Taiwan Semiconductor Manufacturing Co., Ltd Press Centre)
TSMC Gets A$17.5 billion in US Grants And Loans To Build Third Plant in Arizona
Meta Denver office (Image: Sourced from Meta's Newsroom)
Meta Seeks Dismissal Of FTC’s WhatsApp-Instagram Monopoly Lawsuit
Microsoft To Start Charging Windows 10 Users For Updates