Microsoft vulnerability causes government emails to be hacked, officials launch investigation

The Cyber Security Review Board has launched an investigation into a Microsoft vulnerability that resulted in US government emails being hacked.

1 minute & 9 seconds read time

A Microsoft cloud breach that resulted in China state-backed hackers breaking into U.S. government emails has led the Cyber Security Review Board to launch an investigation.

Microsoft vulnerability causes government emails to be hacked, officials launch investigation 48

The Cyber Security Review Board (CSRB) announced on Friday that its investigation will look into cloud-based identity and authentication infrastructure, which will lead to a wider review of all potential and current problems.

This investigation was launched following U.S. government official email accounts being infiltrated by China state-backed hackers that gained access to U.S. Commerce Secretary Gina Raimondo's inbox, several other officials at the U.S. State Department, and officials at a few different government agencies.

Information regarding this story is slowly coming out, but what we do know is that the vulnerability can be traced back to hackers stealing a sensitive signing key that enabled unauthorized access to both enterprise and government email addresses hosted by Microsoft. The key, combined with the security flaw within Microsoft's infrastructure, which has since been fixed, enabled the hackers to forge authentication tokens that gained them access to the email account inboxes.

The security breach happened in mid-May, but officials only detected the vulnerability in June. Why did it take a month? State Department officials used a higher-tier paid account, which enables users to check logs, which Microsoft keeps on file. Other government departments don't use this higher-tier paid account, and if they were given access, the vulnerability would have likely been spotted much sooner.

In response to this vulnerability, Microsoft has said it will make logs available for all customers beginning sometime in September.

Buy at Amazon

Diablo IV - PlayStation 5

TodayYesterday7 days ago30 days ago
Buy at Newegg
* Prices last scanned on 10/2/2023 at 6:31 pm CDT - prices may not be accurate, click links above for the latest price. We may earn an affiliate commission.

Jak joined the TweakTown team in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms. Instead of typical FPS, Jak holds a very special spot in his heart for RTS games.

Newsletter Subscription

Related Tags