Microsoft 'Bears Responsibility' For China-Tied Hacks, Senator Says
In a scathing letter sent to key federal agencies, Senator Ron Wyden called for multiple investigations of Microsoft Corp. over a breach of US officials' email accounts by China-linked hackers.
Wyden's letter — sent to heads of the Cybersecurity and Infrastructure Security Agency, Department of Justice, and Federal Trade Commission — said that Microsoft “bears significant responsibility for this new incident.” The senator also chided the company for its role in the SolarWinds attack, disclosed in 2020, when Russian hackers compromised computer networks in the federal government and private sector.
The hack of US officials' email, which included the accounts of Commerce Secretary Gina Raimondo and State Department officials, took place shortly before Secretary of State Antony Blinken traveled to China to meet President Xi Jinping. The breach was described by Rob Joyce, a senior official at the National Security Agency, as “China doing espionage.”
The hack stood out not because of what took place but how the hackers were able to gain access. They did so by obtaining a Microsoft consumer signing key, which allowed them to obtain access to officials' emails despite security protections. Microsoft has yet to reveal exactly how the key was obtained.
“Government emails were stolen because Microsoft committed another error,” Wyden, a Democrat from Oregon, said in his letter. “Microsoft should not have had a single skeleton key that, when inevitably stolen, could be used to forge access to different customers' private communications.”
A Microsoft spokesperson said the incident “demonstrates the evolving challenges of cybersecurity in the face of sophisticated attacks.”
“We continue to work directly with government agencies on this
Read more on tech.hindustantimes.com
