All about the United States
Recently, a report released by the US Cybersecurity Review Board found that Microsoft may have prevented hackers from accessing White House emails. The cyberattack took place in July last year. Now, the president of the company acknowledged that there were errors on the part of the company.
read more
Microsoft assured that it is reformulating cybersecurity actions (Image: Sundry Photography/Shutterstock)
The company’s actions are investigated.
Brad Smith stated that Microsoft “takes responsibility” for the errors highlighted in the US government document. The president of the company also apologized to those affected by the hacker attack.
The statements were given this Thursday (13) before the Homeland Security Committee of the United States House of Representatives. The session discusses cybersecurity issues involving Microsoft.
According to the US Department of Homeland Security, the attack was “preventable” and a series of decisions within the company contributed to “a corporate culture that did not prioritize investments in corporate security and rigorous risk management.”
Hackers used a consumer key from a purchased Microsoft account (MSA) to forge tokens to access Outlook on the web and Outlook.com. The report suggests that Microsoft still doesn’t know exactly how the key was stolen, but the leading theory is that it was part of a memory dump.
Also during his speech this Thursday, Smith assured that the company is reformulating some cybersecurity practices. He also highlighted that White House recommendations are being followed to prevent new cyberattacks against the company.
Chinese hackers gained access to the content of emails exchanged between White House officials and Microsoft (Image: trambler58/Shutterstock)
Hackers have links to China
Hackers allegedly involved with the Chinese government gained access to the emails of about 25 organizations, including at least two US government agencies. In total, more than 500 people were affected, including White House officials working in national security. Those responsible for the attacks were identified as Storm-0558, a group that primarily uses espionage, credential access, and data theft to attack government agencies in Western Europe. After the case, Microsoft announced that users will no longer have to pay to access tools that help identify hacker attacks. The Chinese government has denied any involvement and accused the United States of being “the world’s largest hacker empire and global cyber thief.”