A cybersecurity advisory panel in the US is taking steps to enhance national cybersecurity, with a particular focus on security concerns related to cloud computing. The panel will be investigating the recent breach of US government department email systems, in which Microsoft Corp. is believed to have been involved. The breach, which occurred last month, is believed to have been carried out by Chinese hackers with suspected ties to the Chinese government.
The breach involving Microsoft has raised concerns about the company’s cybersecurity practices, with US Senator Ron Wyden calling on the government to hold Microsoft accountable for its alleged “careless cybersecurity practices.” Wyden claims that these practices enabled the successful Chinese espionage campaign targeting the US government.
The investigation into the Microsoft hacking incident will be overseen by the Cyber Safety Review Board (CSRB), which was established by the Biden Administration to probe major cybersecurity incidents. The CSRB will focus on the cloud computing hacking as the main subject of its investigation. The goal is to fortify the digital resilience of the US government by addressing any vulnerabilities in cloud service providers.
The Microsoft hacking incident began when Chinese state-backed hackers exploited the email systems of the tech giant. These hackers were able to exploit one of Microsoft’s cryptographic keys. Additionally, a coding vulnerability further exacerbated the breach, allowing the hackers to gain access to sensitive email data using the Microsoft cloud email platform.
The repercussions of this breach were significant, as it enabled unauthorized access to the communication channels of key US government officials. Among the victims were US Commerce Secretary Gina Raimondo and senior diplomats from the State Department.
In response to the Microsoft hacking incident, Senator Wyden called on multiple government agencies, including the Federal Trade Commission (FTC), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Justice, to take swift action against Microsoft. The incident is believed to be part of an espionage-driven campaign focused on data theft and unauthorized access.
While the full extent of the breach is still being determined, security researchers have found that hundreds of thousands of emails were illicitly accessed, exposing sensitive government communications to unauthorized parties. As the investigations into the breach unfold, attention remains on Microsoft’s role in the incident and the broader implications for cloud computing security.
The Cyber Safety Review Board’s investigation into cloud computing risks, along with the lessons learned from the Microsoft hacking incident, will provide valuable insights and solutions to improve security for the US government and the overall cloud environment. These findings will help mitigate future risks and ensure better protection of sensitive data.
It is important to note that the information provided in this report is based on internal and external research obtained through various means. The Cyber Express assumes no liability for the accuracy or consequences of using this information.