Space Industry and Business News
CYBER WARS
 US blames Microsoft 'cascade of errors' for Chinese hack
US blames Microsoft 'cascade of errors' for Chinese hack
 by AFP Staff Writers
 Washington (AFP) April 3, 2024

A scathing US government report found that an intrusion into Microsoft servers by a Chinese hacking group, which breached the emails of multiple senior US officials, was due to a "cascade of avoidable errors" by the tech giant.

The Cyber Safety Review Board (CSRB), led by the US Department of Homeland Security, conducted a seven-month investigation into the incident that involved the China-affiliated cyberespionage actor Storm-0558.

The operation, which was first discovered by the US State Department in June 2023, included hacks on the official and personal mailboxes of Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns.

Microsoft's core business is to provide cloud computing services, such as Azure or Office360, that host sensitive data and power business and government operations across major sectors of the economy.

The report, which was released on Monday, criticized a Microsoft corporate culture that was "at odds with the company's centrality in the technology ecosystem and the level of trust customers place in the company."

"Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy," said CSRB Chair Robert Silvers.

"It is imperative that cloud service providers prioritize security and build it in by design," he added.

The review identified a series of operational and strategic decisions by Microsoft that opened the door to the breach, including the failure to identify a new employee's compromised laptop following a corporate acquisition in 2021.

It also found that Microsoft fell short of safety standards seen at competing cloud companies, including Google, Amazon and Oracle.

"The Board finds that this intrusion was preventable and should never have occurred," the review said, pinpointing "the cascade of Microsoft's avoidable errors that allowed this intrusion to succeed."

The report also recommended that Microsoft develop and publicly release a plan with timelines to enact wide-ranging security reforms across its products and practices.

CSRB Deputy Chair Dmitri Alperovitch called Storm-0558 and similar actors a "persistent and pernicious threat" that had "the capability and intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government."

The government thanked Microsoft, which did not immediately reply to a request for comment, for fully cooperating with its review.

Microsoft has said it is currently overhauling its software security following the breach and similar cybersecurity attacks in recent years.

The White House-appointed CSRB serves as an independent investigator of major cyber incidents impacting US critical infrastructure.

Related Links
 Cyberwar - Internet Security News - Systems and Policy Issues

Subscribe Free To Our Daily Newsletters
Tweet

RELATED CONTENT
The following news reports may link to other Space Media Network websites.
CYBER WARS
SwRI and Air Force Collaborate on Advanced Cognitive EW Systems
 Los Angeles CA (SPX) Apr 03, 2024
 Southwest Research Institute (SwRI) is embarking on a joint R and D project with the United States Air Force, following a significant $6.4 million contract aimed at pioneering advancements in cognitive electronic warfare (EW) algorithms. These cutting-edge algorithms are designed to detect and counteract unfamiliar enemy radar threats in real-time, thereby bolstering the Air Force's cognitive EW capabilities and ensuring the safety of aircrews. David Brown, a staff engineer at SwRI leading this am ... read more
CYBER WARS
SwRI advances space sustainability with new in-space refueling craft

 A first-ever complete map for elastic strain engineering

 EPC Space's new GaN Driver IC boosts space power systems

 NESC identifies critical improvements for aerospace pressure vessel standards
CYBER WARS
Eutelsat and Intelsat forge $500M partnership to expand OneWeb constellation

 Satellites for quantum communications

 Antaris and SpeQtral Unveil Quantum Encryption Satellite Collaboration

 L3Harris Delivers Next-Gen SATCOM Solutions to US Army
CYBER WARS
CYBER WARS
GMV Spearheads ESA's Mission to Revolutionize Satellite Navigation with LEO Technology

 Aerospacelab and Xona Unite to Transform Satellite Navigation

 Genesis will measure Earth in millimetric detail from space

 Genesis and LEO-PNT: Pioneering the future of precision navigation
CYBER WARS
China's Aviation giant set to deliver new sightseeing Airships

 AI Technology Achieves New Heights with Successful Flight of Kratos MQM-178 Firejet

 Japan unveils next-generation passenger plane project

 Japan's cabinet approves fighter jet exports
CYBER WARS
Biden lands another big Taiwan chip investment

 Innovative material offers new approach to quantum memory

 New Self-Polarizing Display Technology Enhances LCD Backlight Efficiency

 Dual Cloaking Technology: A New Horizon for On-Chip Systems
CYBER WARS
Atmospheric observations in China show rise in emissions of a potent greenhouse gas

 The Dry Sky: Envisioning the Future of Human-Altered Atmospheric Water Cycles

 SI Imaging readies ultra-high-resolution satellite SpaceEye-T for launch

 Satellite Image Fusion enhances vegetation monitoring accuracy
CYBER WARS
Denmark holds 'funeral' for a polluted fjord

 What we know about how 'forever chemicals' affect health

 From polar bears to groundwater, nature is riddled with 'forever chemicals'

 US judge approves giant 3M settlement on 'forever chemicals'
Subscribe Free To Our Daily Newsletters




The content herein, unless otherwise known to be public domain, are Copyright 1995-2024 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. General Data Protection Regulation (GDPR) Statement Our advertisers use various cookies and the like to deliver the best ad banner available at one time. All network advertising suppliers have GDPR policies (Legitimate Interest) that conform with EU regulations for data collection. By using our websites you consent to cookie based advertising. If you do not agree with this then you must stop using the websites from May 25, 2018. Privacy Statement. Additional information can be found here at About Us.