Earlier this month, Microsoft revealed that Chinese hackers gained unauthorized access to government email accounts in the United States and Western Europe. The group behind the cyber attack, identified as Storm-0558, appears to have been motivated by espionage.
As reported by Neowin, U.S. Senator Ron Wyden (D – Oregon) has called for investigations by the Department of Justice, the Federal Trade Commission, and the Cybersecurity and Infrastructure Security Agency (CISA) in response to the breach. Senator Wyden has raised concerns about Microsoft’s security practices and wants the agencies to examine whether the breach occurred before a diplomatic trip to China last month, which included high-ranking officials such as Commerce Secretary Gina Raimondo, Ambassador to China Nicholas Burns, and Assistant Secretary of State Daniel Kritenbrink.
The hackers exploited an error made by Microsoft, using a stolen encryption key meant for consumer accounts. A validation error in Microsoft’s code allowed them to generate fake tokens for government and organizational accounts hosted by Microsoft, granting them unauthorized access.
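The class of validation error described above, as an added example that is not Microsoft's code: a validator that only checks the signature accepts a token signed with a consumer key for an organizational account, while one that binds each key to its account class rejects it. The key names, secrets, the `account_class` claim and the use of HMAC-SHA256 in place of the real signature scheme are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed key registry: each signing key is tagged with the account class it may sign for.
KEYS = {
    "consumer-key-1": {"secret": b"constructed-consumer-secret", "scope": "consumer"},
    "enterprise-key-1": {"secret": b"constructed-enterprise-secret", "scope": "enterprise"},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(kid, claims):
    """Issue 'header.payload.signature'; HMAC-SHA256 stands in for the real scheme."""
    header = _b64(json.dumps({"kid": kid}).encode())
    payload = _b64(json.dumps(claims).encode())
    mac = hmac.new(KEYS[kid]["secret"], f"{header}.{payload}".encode(), hashlib.sha256)
    return f"{header}.{payload}.{_b64(mac.digest())}"

def _verify_signature(token):
    """Return (key_entry, claims) if the signature is valid under the named key, else None."""
    try:
        header, payload, sig = token.split(".")
        key = KEYS[json.loads(_unb64(header))["kid"]]
        mac = hmac.new(key["secret"], f"{header}.{payload}".encode(), hashlib.sha256)
        if not hmac.compare_digest(mac.digest(), _unb64(sig)):
            return None
        return key, json.loads(_unb64(payload))
    except (ValueError, KeyError, TypeError):
        return None

def validate_flawed(token):
    """Signature check only: any known key is trusted for any account class."""
    return _verify_signature(token) is not None

def validate_scoped(token):
    """Also requires the signing key's scope to match the account class claimed."""
    result = _verify_signature(token)
    if result is None:
        return False
    key, claims = result
    return isinstance(claims, dict) and claims.get("account_class") == key["scope"]
```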
Senator Wyden is pressing CISA’s Cyber Safety Review Board to investigate Microsoft’s role in the incident, particularly how the company’s practices were not detected during required audits. Additionally, he has asked the Department of Justice to examine whether Microsoft’s negligence violated federal law.
Microsoft has been criticized for its handling of the hack, with Senator Wyden noting the company’s failure to take full responsibility for previous incidents like the 2020 SolarWinds campaign attributed to Russia.
In response to the incident, a Microsoft spokesperson acknowledged the evolving challenges of cybersecurity and reaffirmed their commitment to working with government agencies and sharing information to address the issue.
The Chinese hacking group Storm-0558 has a history of high-profile attacks. Still, the Chinese embassy denies any government involvement in hacking Microsoft accounts. U.S. officials, however, remain concerned that the stolen encryption keys could potentially lead to further access to federal systems.