19 June 2024

Microsoft Admits Security Failings Allowed China to Access US Government Emails

James Coker

Microsoft President Brad Smith has admitted security failings by the firm that enabled Chinese state hackers to access the emails of US government officials in the summer of 2023.

In testimony at Congress to members of the US House Committee on Homeland Security on June 13, 2024, Smith said the tech giant accepts responsibility for all the issues cited in a Cyber Safety Review Board (CSRB) report “without equivocation or hesitation.”

The CSRB report, published in April 2024, blamed Microsoft for a “cascade of security failures” that enabled Chinese threat actor Storm-0558 to access the email accounts of 25 organizations, including US government officials.

To launch the espionage attack, Storm-0558 forged authentication tokens using an acquired Microsoft encryption key, which, when combined with another flaw in Microsoft’s authentication system, allowed them to gain full access to essentially any Exchange Online account anywhere in the world.
