Microsoft’s security practices are in dire need of a reboot.
The Cyber Safety Review Board (CSRB) just dropped a bombshell report on Microsoft, calling out the tech giant for its embarrassing cloud security blunder.
The Attack
A Chinese hacking group known as Storm-0558 compromised Microsoft Exchange Online in the summer of 2023. They accessed the email accounts of high-level U.S. officials involved in U.S.-China relations.
The extent of the stolen data is unclear. But surely this could impact U.S.-China relations or be used for future cyberattacks.
Storm-0558 is a well-established hacking group linked to previous major attacks like Operation Aurora (2009).
Key Points from the CSRB Report
The CSRB insists that the intrusion was preventable. Microsoft made a cascade of security errors, including a failure to monitor for or detect the theft of a critical cryptographic key.
The report also mentioned Microsoft’s lack of accountability. To make matters even worse, the CSRB pointed out that Microsoft’s security culture is inadequate and doesn’t prioritize security investments. Overall, the CSRB recommends that Microsoft’s CEO and Board focus on reforming the company’s security practices.
This report exposes Microsoft’s alarming security failures, calling into question the safety of sensitive government data on cloud systems and highlighting the vulnerability of these platforms.
In Response
Microsoft spokesmen replied a few hours later in a statement:
While no organization is immune to cyberattack from well-resourced adversaries, we have mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks.
It seems that nowadays tech giants usually consist of unethical data collection, security breaches and pouring all resources into the AI race. Oh, I forgot, and massive layoffs.