The 2023 Microsoft email hack conducted by Storm-0558, a group affiliated with China, was preventable according to a new report from the US Cyber Safety Review Board (CSRB).
The CSRB is a forum of government and industry experts tasked with reviewing major cybersecurity events to provide recommendations to the President, and the director of the Cybersecurity and Infrastructure Security Agency (CISA)
The hack was discovered in an internal investigation in mid-June by Microsoft but had remained undetected for a month according to reports from 2023. Approximately 25 government officials and agencies were affected by the breach.
According to the CSRB’s review, a series of decisions made by Microsoft enabled the hack to happen by creating a company culture that did not prioritise cybersecurity.
The CSRB’s Chair Robert Silvers stated the importance of security in cloud computing.
“Cloud computing is some of the most critical infrastructure we have, as it hosts sensitive data and powers business operations across our economy,” he said, “It is imperative that cloud service providers prioritize security and…
