"Microsoft Admits Security Failings Allowed China to Access US Government Emails"

In summer 2023, Microsoft President Brad Smith admitted that security failings enabled Chinese state hackers to access US government officials' emails. Microsoft was blamed for a "cascade of security failures" that allowed the Chinese threat actor "Storm-0558" to access 25 organizations' email accounts, including those belonging to US government officials, according to an April 2024 Cyber Safety Review Board (CSRB) report. Storm-0558 forged authentication tokens using an acquired Microsoft encryption key and a Microsoft authentication flaw to gain full access to almost any Exchange Online account. This article continues to discuss security shortfalls that enabled hackers to access the emails of US government officials.

Infosecurity Magazine reports "Microsoft Admits Security Failings Allowed China to Access US Government Emails"

Submitted by grigby1
 
