U.S. government employees Archives

Winsage

April 9, 2024

“Microsoft’s security culture was inadequate and requires an overhaul” says Cyber Safety Review Board following a “cascade of security failures”

The U.S. Cyber Safety Review Board found that Microsoft's security failures contributed to the success of the Chinese state-sponsored hacking group Storm-0558 in infiltrating the email accounts of U.S. government employees. Microsoft's oversight in detecting compromises, delays in correcting public statements, and halting manual key rotation were highlighted as key deficiencies that could have thwarted the breach.