Space Travel News
CYBER WARS
 US blames Microsoft 'cascade of errors' for Chinese hack
US blames Microsoft 'cascade of errors' for Chinese hack
 by AFP Staff Writers
 Washington (AFP) April 3, 2024

A scathing US government report found that an intrusion into Microsoft servers by a Chinese hacking group, which breached the emails of multiple senior US officials, was due to a "cascade of avoidable errors" by the tech giant.

The Cyber Safety Review Board (CSRB), led by the US Department of Homeland Security, conducted a seven-month investigation into the incident that involved the China-affiliated cyberespionage actor Storm-0558.

The operation, which was first discovered by the US State Department in June 2023, included hacks on the official and personal mailboxes of Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns.

Microsoft's core business is to provide cloud computing services, such as Azure or Office360, that host sensitive data and power business and government operations across major sectors of the economy.

The report, which was released on Monday, criticized a Microsoft corporate culture that was "at odds with the company's centrality in the technology ecosystem and the level of trust customers place in the company."

"Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy," said CSRB Chair Robert Silvers.

"It is imperative that cloud service providers prioritize security and build it in by design," he added.

The review identified a series of operational and strategic decisions by Microsoft that opened the door to the breach, including the failure to identify a new employee's compromised laptop following a corporate acquisition in 2021.

It also found that Microsoft fell short of safety standards seen at competing cloud companies, including Google, Amazon and Oracle.

"The Board finds that this intrusion was preventable and should never have occurred," the review said, pinpointing "the cascade of Microsoft's avoidable errors that allowed this intrusion to succeed."

The report also recommended that Microsoft develop and publicly release a plan with timelines to enact wide-ranging security reforms across its products and practices.

CSRB Deputy Chair Dmitri Alperovitch called Storm-0558 and similar actors a "persistent and pernicious threat" that had "the capability and intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government."

The government thanked Microsoft, which did not immediately reply to a request for comment, for fully cooperating with its review.

Microsoft has said it is currently overhauling its software security following the breach and similar cybersecurity attacks in recent years.

The White House-appointed CSRB serves as an independent investigator of major cyber incidents impacting US critical infrastructure.

Related Links
 Cyberwar - Internet Security News - Systems and Policy Issues

Subscribe Free To Our Daily Newsletters
Tweet

RELATED CONTENT
The following news reports may link to other Space Media Network websites.
CYBER WARS
SwRI and Air Force Collaborate on Advanced Cognitive EW Systems
 Los Angeles CA (SPX) Apr 03, 2024
 Southwest Research Institute (SwRI) is embarking on a joint R and D project with the United States Air Force, following a significant $6.4 million contract aimed at pioneering advancements in cognitive electronic warfare (EW) algorithms. These cutting-edge algorithms are designed to detect and counteract unfamiliar enemy radar threats in real-time, thereby bolstering the Air Force's cognitive EW capabilities and ensuring the safety of aircrews. David Brown, a staff engineer at SwRI leading this am ... read more
CYBER WARS
CYBER WARS
Continuing up the Channel: Sols 4139-4140

 Perseverance Pays off When Studying the Martian Atmosphere

 Fascinated by Fascination Turret: Sols 4137-4138

 Mars Express achieves 25,000 orbits
CYBER WARS
Three companies in the running for NASA's next Moon rover

 In first, US directs NASA to create lunar time standard

 VIPER rover hoists its Mast ahead of lunar mission

 NASA sets stage for Extended Lunar Exploration with Artemis IV and Gateway Station
CYBER WARS
New study reveals potential "ice bombs" among Kuiper Belt Objects

 Unlocking the Secrets of Eternal Ice in the Kuiper Belt

 Hubble's Latest Gaze Reveals Jupiter's Dynamic Weather Patterns

 NASA Armstrong Updates 1960s Concept to Study Giant Planets
CYBER WARS
Unlocking the secrets of Earth's underground ecosystems

 Webb Telescope unveils first glimpse into planetary formation

 Webb opens new chapter in search for forming planets

 ESA targets Enceladus in ambitious mission to Saturn
CYBER WARS
GMV spearheads development in reusable hypersonic avionics at ESA workshop

 Starship's Third Launch: A Glimpse into the future of reusable launch vehicles

 Lockheed Martin Ventures Backs Helicity Space for Fusion Propulsion Advancements

 North Korea says it test-fired new solid-fuel hypersonic missile
CYBER WARS
Shenzhou 17 astronauts complete China's first in-space repair job

 Tiangong Space Station's Solar Wings Restored After Spacewalk Repair by Shenzhou XVII Team

 BIT advances microbiological research on Chinese Space Station

 Chang'e 6 and new rockets highlight China's packed 2024 space agenda
CYBER WARS
Asteroid Bennu's samples available for global scientific scrutiny

 Sungrazer Project announces 5000th comet detection through public science project

 ESA CubeSat will probe asteroid with radar as part of Hera mission

 Rare Glimpse of the 'Devil Comet': Visibility Tips for 12P/Pons-Brooks
Subscribe Free To Our Daily Newsletters




The content herein, unless otherwise known to be public domain, are Copyright 1995-2024 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. General Data Protection Regulation (GDPR) Statement Our advertisers use various cookies and the like to deliver the best ad banner available at one time. All network advertising suppliers have GDPR policies (Legitimate Interest) that conform with EU regulations for data collection. By using our websites you consent to cookie based advertising. If you do not agree with this then you must stop using the websites from May 25, 2018. Privacy Statement. Additional information can be found here at About Us.