Medical and Hospital News
CYBER WARS
US blames Microsoft 'cascade of errors' for Chinese hack
by AFP Staff Writers
Washington (AFP) April 3, 2024

A scathing US government report found that an intrusion into Microsoft servers by a Chinese hacking group, which breached the emails of multiple senior US officials, was due to a "cascade of avoidable errors" by the tech giant.

The Cyber Safety Review Board (CSRB), led by the US Department of Homeland Security, conducted a seven-month investigation into the incident that involved the China-affiliated cyberespionage actor Storm-0558.

The operation, which was first discovered by the US State Department in June 2023, included hacks on the official and personal mailboxes of Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns.

Microsoft's core business is to provide cloud computing services, such as Azure or Office 365, that host sensitive data and power business and government operations across major sectors of the economy.

The report, which was released on Monday, criticized a Microsoft corporate culture that was "at odds with the company's centrality in the technology ecosystem and the level of trust customers place in the company."

"Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy," said CSRB Chair Robert Silvers.

"It is imperative that cloud service providers prioritize security and build it in by design," he added.

The review identified a series of operational and strategic decisions by Microsoft that opened the door to the breach, including the failure to identify a new employee's compromised laptop following a corporate acquisition in 2021.

It also found that Microsoft fell short of safety standards seen at competing cloud companies, including Google, Amazon and Oracle.

"The Board finds that this intrusion was preventable and should never have occurred," the review said, pinpointing "the cascade of Microsoft's avoidable errors that allowed this intrusion to succeed."

The report also recommended that Microsoft develop and publicly release a plan with timelines to enact wide-ranging security reforms across its products and practices.

CSRB Deputy Chair Dmitri Alperovitch called Storm-0558 and similar actors a "persistent and pernicious threat" that had "the capability and intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government."

The government thanked Microsoft, which did not immediately reply to a request for comment, for fully cooperating with its review.

Microsoft has said it is currently overhauling its software security following the breach and similar cybersecurity attacks in recent years.

The White House-appointed CSRB serves as an independent investigator of major cyber incidents impacting US critical infrastructure.
