US Cyber Safety Board blames Microsoft’s deficient security culture for Chinese hacks

A new report issued by the US Cyber Safety Review Board, examining the damaging cyber attacks committed by Storm-0558 from China, which caused enormous loss of data, finds that the intrusion was preventable but was not halted because Microsoft’s security systems and culture were inadequate and require an overhaul. Here is a copy of the report: https://www.cisa.gov/sites/default/files/2024-03/CSRB%20Review%20of%20the%20Summer%202023%20MEO%20Intrusion%20Final_508c.pdf

The major cyber attack, which occurred last year, resulted in the China-based hackers stealing thousands of emails from hundreds of sensitive and critical accounts in the US. Those targeted included the Commerce Secretary, the US ambassador to China and an Assistant Secretary of State.

“The board finds that Microsoft had not sufficiently prioritized rearchitecting its legacy infrastructure to address the current threat landscape,” the report said. In software development, a legacy system refers to outdated IT systems or applications that are still in use. It was determined that Storm-0558 had forged its own security token from a stolen signing credential to access Microsoft cloud systems as far back as 2016. The report criticized Microsoft leadership for delaying the retirement of authentication keys in 2021, which would have made the forged access keys useless. The board concluded that Microsoft’s culture was “inadequate” for ensuring in-depth security.

Jeffrey Newman is a whistleblower lawyer whose firm represents whistleblowers in healthcare fraud cases under the False Claims Act (FCA) and also under the Securities and Exchange, FinCEN and CFTC whistleblower programs. He can be reached at Jeff@JeffNewmanLaw.com or at 617-823-3217.