Microsoft Says Chinese Hackers Used Flaw in Company’s Code to Steal Emails From US Agencies

Microsoft's blog post did not explain how the hackers got their hands on one of the company's digital keys.

By Reuters | Updated: 17 July 2023 17:49 IST

Microsoft Says Chinese Hackers Used Flaw in Company’s Code to Steal Emails From US Agencies

Photo Credit: Reuters

The Microsoft hack has rattled both the cybersecurity industry and China-US relations

Highlights

Microsoft said Chinese hackers misappropriated one of its digital keys
Beijing has denied any involvement in the spying
The breach has thrown Microsoft's security practices under scrutiny

Microsoft said on Friday that Chinese hackers misappropriated one of its digital keys and used a flaw in the company's code to steal emails from US government agencies and other clients.

The company said in a blog post that the hackers were able to use the key - which they acquired under undisclosed circumstances - and take advantage of "a validation error in Microsoft code" to carry out their cyberespionage campaign.

The blog provided the most fulsome explanation yet for a hack that rattled both the cybersecurity industry and China-US relations. Beijing has denied any involvement in the spying.

Microsoft, US Say Chinese Hackers Attacked 'Critical' Infrastructure

Microsoft and US officials said on Wednesday night that Chinese state-linked hackers had been secretly since May accessing email accounts at around 25 organizations. US officials said those included at least two government agencies: the State and Commerce Departments.

Secretary of State Antony Blinken told China's top diplomat, Wang Yi, in a meeting in Jakarta on Thursday that any action that targets the US government, US companies or American citizens "is of deep concern to us, and that we will take appropriate action to hold those responsible accountable," according to a senior State Department official.

Microsoft's blog post did not explain how the hackers got their hands on one of the company's digital keys, leading some experts to speculate that Microsoft itself had been hacked ahead of the thefts.

China Launches Homegrown Open-Source Computer OS to Rival Windows, MacOS

The company did not immediately respond to questions about the key.

The breach has thrown Microsoft's security practices under scrutiny, with officials and lawmakers calling on the Redmond, Washington-based company to make its top level of digital auditing, also called logging, available to all its customers free of charge.

Microsoft said in a statement late on Thursday that it was taking the criticism on board.

"We are evaluating feedback and are open to other models," the company said, adding that it was "actively engaged" with US officials on the matter.

Will the Nothing Phone 2 serve as the successor to the Phone 1, or will the two co-exist? We discuss the company's recently launched handset and more on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.