Technical Blunders by Microsoft Gave Chinese Espionage Actors Access to Government Emails
UK gov't clarifies encrypted messaging access plans, W3LL threat actor can bypass Microsoft MFA, Tornado Cash co-founder pleads not guilty, Safer Tornado Cash alternative proposed, much more
Metacurity is a reader-supported publication, and I need your help. Consider becoming a paid subscriber to receive new posts and support my work.
According to a new analysis released by Microsoft, a series of technical missteps by the tech giant, including the hack of a company engineer, gave the Chinese government access to emails of top Biden administration officials and other organizations.
Microsoft said its investigation found that hackers first obtained a cryptographic key to access the email accounts. The company has internal systems to prevent this key from being stolen, but a chain of events dating back more than two years made the attack possible.
It began when a computer used by Microsoft’s cloud services crashed in April 2021. As the computer crashed, it saved a memory dump so that Microsoft engineers could examine it and figure out the cause of the problem.
Microsoft said that its controls typically prevent sensitive information, such as a key b…
Keep reading with a 7-day free trial