Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

Microsoft slammed for negligent cybersecurity following Chinese hack

Representational image of a hacker

US senator Ron Wyden is calling on three separate bodies to conduct their own investigations into Microsoft following the recent email hacking attack that saw government officials like Commerce Secretary Gina Raimondo and Secretary of State Antony Blinken targeted.

According to Microsoft’s own accounts, a Chinese threat actor that is being tracked as Storm-0558 “gained access to email accounts affecting approximately 25 organizations in the public cloud including government agencies.” Redmond said that related consumer accounts of individuals associated with these affected organizations were also compromised.

In his letter, Senator Wyden likens the attack to the 2020 SolarWinds campaign by a Russian threat actor, during which US government emails were also hacked.

Microsoft may face yet another investigation - or three

Microsoft is already under severe scrutiny in the EU, and has been for years, owing to a number of antitrust and anticompetitive cases. Most recently, the company has come under fire for its unfair cloud practices concerning its Azure platform.

This time, it’s a trio of US agencies that are being asked to launch their own, individual probes into Microsoft.

More specifically, Wyden asked the Cybersecurity and Infrastructure Security Agency (CISA) to investigate whether the company had violated best practices recommended by none other than itself and the National Security Agency (NSA), the Department of Justice whether “Microsoft’s negligent practices violated federal law,” and the Federal Trade Commission (FTC) whether Microsoft “violated federal laws enforced by the [FTC],” particularly around deceptive business practices.

Concluding the letter, Senator Wyden writes: “I also urge you to take all necessary steps to hold the company responsible for any violations of that order."

A company spokesperson told CNBC:

“This incident demonstrates the evolving challenges of cybersecurity in the face of sophisticated attacks. We continue to work directly with government agencies on this issue, and maintain our commitment to continue sharing information at Microsoft Threat Intelligence blog.”

The company did not immediately respond to our request for commentary on the potential threat of three separate probes.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.