The U.S. Cyber Safety Review Board criticized technology behemoth Microsoft for its willful lack of transparency and cybersecurity failings on Tuesday, stating that a targeted Chinese theft of top government officials’ emails last year was “preventable”.
In its report, the board stated that it had determined that a number of Microsoft choices had lowered enterprise security, risk management, and customer trust in the company’s ability to secure their data and operations.
The intrusion, which stemmed from the compromise of a Microsoft engineer’s corporate account, was done by Storm-0558, a hacking group affiliated with the People’s Republic of China.
“While no organization is immune to cyberattack from well-resourced adversaries, we have mobilized our engineering teams to identify and mitigate legacy infrastructure, improve processes, and enforce security benchmarks,” Microsoft said.
“Our security engineers continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries. We will also review the final report for additional recommendations.”
The board recommended Microsoft to develop and make security-focused reforms across all its products.
Last year, the technology giant said the intrusion of senior officials at the U.S. State and Commerce departments was done by Storm-0558, which is alleged to have stolen hundreds of thousands of emails from top American officials including Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.
