U.S. Senator urges probe into Microsoft email hack linked to Chinese hackers


Published on July 28, 2023


Earlier this month, Microsoft revealed that Chinese hackers gained unauthorized access to government email accounts in the United States and Western Europe. The group behind the cyber attack, identified as Storm-0558, appears to have been motivated by espionage.

As reported by Neowin, U.S. Senator Ron Wyden (D – Oregon) has called for investigations by the Department of Justice, the Federal Trade Commission, and the Cybersecurity and Infrastructure Security Agency (CISA) in response to the breach. Senator Wyden has raised concerns about Microsoft’s security practices and wants the agencies to examine whether the breach occurred before a diplomatic trip to China last month, which included high-ranking officials such as Commerce Secretary Gina Raimondo, Ambassador to China Nicholas Burns, and Assistant Secretary of State Daniel Kritenbrink.

The hackers exploited an error made by Microsoft, using a stolen encryption key meant for consumer accounts. A validation error in Microsoft’s code allowed them to generate fake tokens for government and organizational accounts hosted by Microsoft, granting them unauthorized access.

Senator Wyden is pressing CISA’s Cyber Safety Review Board to investigate Microsoft’s role in the incident, particularly how the company’s practices were not detected during required audits. Additionally, he has asked the Department of Justice to examine whether Microsoft’s negligence violated federal law.

Criticism has been directed at Microsoft for its handling of the hack, with Senator Wyden noting the company’s failure to take full responsibility for previous incidents like the 2020 SolarWinds campaign attributed to Russia.

In response to the incident, a Microsoft spokesperson acknowledged the evolving challenges of cybersecurity and reaffirmed their commitment to working with government agencies and sharing information to address the issue.

The Chinese hacking group Storm-0558 has a history of high-profile attacks. Still, the Chinese embassy denies any government involvement in hacking Microsoft accounts. U.S. officials, however, remain concerned that the stolen encryption keys could potentially lead to further access to federal systems.

Davesh Beri
