Connect with us

Hi, what are you looking for?


US Cyber Report Claims Microsoft Could Have Prevented Chinese Cloud Email Hack

Microsoft (Credits: The Hill)

A recent investigation by the US Cyber Safety Review Board has unveiled that Microsoft could have thwarted a security breach attributed to Chinese hackers targeting US government email accounts via Microsoft Exchange Online.

The breach, which came to light last year, exposed the email inboxes of 22 organizations and over 500 individuals, including those of US government employees engaged in national security tasks.

The Department of Homeland Security (DHS) released a detailed report pinpointing the breach as “preventable” and criticized Microsoft for a series of internal decisions that reflected a corporate ethos sidelining essential security investments and thorough risk management.

Microsoft China (Credits: The Verge)

The cyber attackers exploited a Microsoft consumer account key to access Outlook on the web and email services illegitimately. While the exact method of how the key was compromised remains uncertain, speculation suggests it may have been included in a crash dump.

Despite proposing this theory in September, Microsoft later acknowledged uncertainty over the crash dump’s involvement in the security lapse.

Microsoft has faced criticism for its delay in correcting inaccuracies in its initial public communications regarding the breach. It wasn’t until the Cyber Safety Review Board’s persistent inquiries that Microsoft issued a correction in March.

Microsoft Office (Credits: The New York Times)

The board concluded that the incident could have been avoided, highlighting the need to revamp Microsoft’s security practices, especially given the company’s pivotal role in the tech ecosystem and the trust users place in its data protection capabilities.

This revelation coincides with Microsoft’s introduction of Copilot for Security, an AI-driven chatbot designed to assist cybersecurity experts.

Despite these developments, Microsoft also contends with a sophisticated cyber campaign by Nobelium, a Russian hacker group known for the SolarWinds attack, which compromised Microsoft executive email accounts and accessed source code repositories.

In response to these security challenges, Microsoft has launched the Secure Future Initiative (SFI), a comprehensive strategy to enhance the security of its software and services.

This initiative marks the most important shift in Microsoft’s security approach since establishing its Security Development Lifecycle (SDL) in 2004, which was a response to the widespread Blaster worm attack on Windows XP systems in 2003.

Click to comment
Notify of
Inline Feedbacks
View all comments

We’re dedicated to providing you the most authenticated news. We’re working to turn our passion for the political industry into a booming online news portal.

You May Also Like


Actress Emma D’Arcy is from the British rebellion. She has only appeared in a small number of movies and TV shows. It might be...


Jennifer Coolidge Is Pregnant: Jennifer Coolidge Audrey Coolidge is a comedian and actress from the United States. Many of her followers are wondering if...


Spoilers! The demon Akaza from Kimetsu no Yaiba dies in the eleventh arc of the manga and the one responsible for his death is...


The young YouTube star Emily Canham has recently been seen making headlines for her amazing work and her journey. She started from scratch and...