Microsoft slammed for negligent cybersecurity following Chinese hack

(Image credit: Shutterstock)

US senator Ron Wyden is calling on three separate bodies to conduct their own investigations into Microsoft following the recent email hacking attack that saw government officials like Commerce Secretary Gina Raimondo and Secretary of State Antony Blinken targeted.

According to Microsoft’s own accounts, a Chinese threat actor that is being tracked as Storm-0558 “gained access to email accounts affecting approximately 25 organizations in the public cloud including government agencies.” Redmond said that related consumer accounts of individuals associated with these affected organizations were also compromised.

In his letter, Senator Wyden likens the attack to the 2020 SolarWinds campaign by a Russian threat actor, during which US government emails were also hacked.

Microsoft may face yet another investigation - or three

Microsoft is already under severe scrutiny in the EU, and has been for years, owing to a number of antitrust and anticompetitive cases. Most recently, the company has come under fire for its unfair cloud practices concerning its Azure platform.

> These are the best malware removal tools

> The US Navy has hacked Microsoft Teams to send malware

> Microsoft is making some cloud security tools free following recent major hacks

This time, it’s a trio of US agencies that are being asked to launch their own, individual probes into Microsoft.

More specifically, Wyden asked the Cybersecurity and Infrastructure Security Agency (CISA) to investigate whether the company had violated best practices recommended by none other than itself and the National Security Agency (NSA), the Department of Justice whether “Microsoft’s negligent practices violated federal law,” and the Federal Trade Commission (FTC) whether Microsoft “violated federal laws enforced by the [FTC],” particularly around deceptive business practices.

Concluding the letter, Senator Wyden writes: “I also urge you to take all necessary steps to hold the company responsible for any violations of that order."

A company spokesperson told TechRadar Pro in an email:

“This incident demonstrates the evolving challenges of cybersecurity in the face of sophisticated attacks. We continue to work directly with government agencies on this issue, and maintain our commitment to continue sharing information at Microsoft Threat Intelligence blog.”

The company did not immediately respond to our request for commentary on the potential threat of three separate probes.

Check out the best endpoint protection and best firewalls for a handy cybersecurity boost

TOPICS

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!