DHS reveals that company culture at Microsoft led to Chinese hacks in 2023

Alejandro N. Mayorkas | DHS

Microsoft could have thwarted Chinese hackers from gaining access to U.S. government emails via its Microsoft Exchange Online software last year, according to the Cyber Safety Review Board (CSRB). This assertion was disclosed by the U.S. Department of Homeland Security (DHS), which also outlined measures necessary to protect government emails from future hacking attempts.

The DHS news release revealed that President Joe Biden received the report from DHS Secretary Alejandro N. Mayorkas. The CSRB, established in February 2022, has now completed its third review. The government hacks were reportedly orchestrated by Storm-0558, a hacking group backed by the Chinese government.

Secretary Mayorkas said, "Individuals and organizations across the country rely on cloud services every day, and the security of this technology has never been more important." He added that nation-state actors continue to increase their sophistication in compromising cloud service systems. "Public-private partnerships like the CSRB are critical in our efforts to mitigate the serious cyber threat these nation-state actors pose," he continued. Mayorkas expressed appreciation for the board's comprehensive review and report of the Storm-0558 incident, stating that implementing the board's recommendations would enhance cybersecurity for years to come.

According to the CSRB report, Microsoft's corporate culture resulted in insufficient security investments, making the company vulnerable to breaches. The tech giant, which fully cooperated with the review, is now tasked with devising a plan to secure its product range and provide a timeline for implementation.

CSRB Acting Deputy Chair Dmitri Alperovitch stated, "The threat actor responsible for this brazen intrusion has been tracked by industry for over two decades and has been linked to 2009 Operation Aurora and 2011 RSA SecureID compromises." He added that this group of hackers, affiliated with the People’s Republic of China, possesses both the capability and the intent to compromise identity systems to access sensitive data, including emails of individuals of interest to the Chinese government. "Cloud service providers must urgently implement these recommendations to protect their customers against this and other persistent and pernicious threats from nation-state actors," Alperovitch concluded.