Security News > 2023 > July > US senator victim-blames Microsoft for Chinese hack

Infosec in brief US senator Ron Wyden thinks it's Microsoft's fault that Chinese hackers broke into Exchange Online, and he wants three separate government agencies to launch investigations and "Hold Microsoft responsible for its negligent cyber security practices."

The Chinese hack of Microsoft's hosted email service, you may recall, occurred because suspected Chinese hackers were able to steal an encryption key used for Microsoft account services.

Wyden also asked the FTC to figure out whether Microsoft violated any of its regulations, and whether the hack puts Microsoft in danger of violating a 2002 consent decree it has with the FTC over security failures in its Passport web service.

Just in case you thought it was just Chinese hackers hitting US targets, or Russians DDoSing Ukraine, Chinese officials want you to know that the US hacks them, too.

According to Chinese state-run news sources, the Wuhan Earthquake Monitoring Center was "Subjected to a cyber attack by an overseas organization" that Chinese officials have preliminarily identified as the US National Security Agency's office of Tailored Access Operations.

Included in the hack were email addresses, IP addresses, passwords, usernames and - most worrying of all for users - private messages exchanged between hackers on the site.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/07/31/infosec_in_brief/