🐛💣

Microsoft Security Incident

2023 995 days ago Resolved

Incident Overview

Situation Description

Microsoft's President admitted security failures that allowed Chinese hackers to access US officials' emails in 2023, following a Cyber Safety Review Board report.

Event Types

Software Vulnerability Exploitation Malware / Destructive Attack

Industry Sector

Technology

Geographic Scope

Global

Response Actions

Implemented Advanced Authentication Restructured Security Leadership

Impact Analysis

Event Types (2 identified)

Software Vulnerability Exploitation Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

Credentials Operational / System Data

Primary Impacts

Operational Disruption Data Exposure

Key Decisions Made

Microsoft is implementing CSRB recommendations to enhance security.; Microsoft is transitioning to a new key management system and enhancing token validation processes.; Microsoft has added security engineers and created the Office of the CISO to prioritize security.

Technical Analysis

Attack Method

Unpatched Vulnerability

Threat Actor Attribution

Storm-0558

Vulnerability / Tool

Microsoft encryption key Authentication system flaws

Additional Information

Welcome to our latest cybersecurity roundup. This week, Microsoft President Brad Smith admitted security failures that allowed Chinese hackers to access US officials emails. Truist Bank confirmed a breach affecting 65,000 employees. CISA led its first AI cybersecurity tabletop exercise, and Spanish authorities arrested a key member of the Scattered Spider hacking group. D-Link urged customers to update routers to fix a critical backdoor vulnerability. Stay informed on these pressing cybersecurity developments. 1. Microsofts President admits security failures in congressional testimony In congressional testimony yesterday, Microsoft President Brad Smith admitted security failings that enabled Chinese state hackers to access emails of US officials in 2023. Smith accepted responsibility for issues cited in a Cyber Safety Review Board (CSRB) report. The report blamed Microsoft for security failures that let Chinese hackers, Storm-0558, access 25 organizations email accounts, including US officials. The hackers used a Microsoft encryption key and exploited flaws in the authentication system to gain global access to Exchange Online accounts. The CSRB found an inadequate security culture and gaps in Microsofts security processes. Smith acknowledged Microsofts crucial cybersecurity role and the increased cyber threats from geopolitical conflicts. He apologized to those impacted by the Storm-0558 attack and outlined steps Microsoft is taking to enhance security. This includes implementing CSRB recommendations, transitioning to a new key management system, and enhancing token validation processes.Smith added that Microsoft has added security engineers and created the Office of the CISO to ensure security is prioritized. The companys Secure Future Initiative aims to design and operate products with security in mind.Following harsh feedback from security experts, Microsoft has delayed its Recall AI feature for further security testing. This feature, intended for Copilot and...

... (truncated for display)

Quick Facts

Company:: Microsoft
Date:: 2023
Status:: Resolved
Decision Maker:: Brad Smith
Position:: President
Published:: 20/06/2024

Source Information

Original Query

DOJ indictment details for Scattered Spider members and tactics

View Original Source

Timeline

Information Published

20/06/2024

Incident Occurred

2023 (995 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats