July 17, 2023

Microsoft’s repeated cyberattacks has raised worries in Washington about the company’s cybersecurity measures.

A China-based hacker outfit gained access to email accounts associated with 25 organizations, including U.S. government institutions, in the most recent attack. The State Department and the Commerce Department have both stated that their offices were attacked, with some claiming that Commerce Secretary Gina Raimondo’s email was also compromised.

The hackers allegedly had access to email inboxes for up to a month before the State Department notified Microsoft of unusual behavior on its networks. Although no sensitive systems or data were stolen, concerns regarding how the hackers obtained the encryption key that enabled them access to several Microsoft accounts remain unanswered.

This incident comes on the heels of a 2021 Chinese espionage effort that exploited flaws in Microsoft’s systems, showing continued risks. Mark Montgomery, executive director of the Cyberspace Solarium Commission 2.0, voiced dissatisfaction, noting that Microsoft can no longer depend on saying that their technology is fundamentally safe. The formerly productive relationship between Microsoft and the Biden administration’s cybersecurity agencies is now jeopardized as a result of these issues.

Microsoft’s cyber operations are currently being investigated by the Biden administration, and some experts are urging for the business to be held to greater security standards. Microsoft stated that it is cooperating with the authorities to investigate the current incident and that it is taking efforts to strengthen its security.

The sources for this piece include an article in Axios.