The US Cyber Safety Review Board said a targeted Chinese hack of top government officials’ emails last year was “preventable”, faulting technology giant Microsoft for its cyber security lapses and a deliberate lack of transparency.
The board said in its report that it identified a series of decisions taken by Microsoft that had decreased enterprise security, risk management and trust from the customers to protect their data and operations.
The intrusion, which stemmed from the compromise of a Microsoft engineer’s corporate account, was done by Storm-0558, a hacking group affiliated with the People’s Republic of China.
“While no organisation is immune to cyberattack from well-resourced adversaries, we have mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks,” Microsoft said.
“Our security engineers continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries. We will also review the final report for additional recommendations.”
The board recommended Microsoft to develop and make security-focused reforms across all its products.
Last year, the technology giant said the intrusion of senior officials at the US State and Commerce departments was done by Storm-0558, which is alleged to have stolen hundreds of thousands of emails from top American officials including Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.