Earlier this month, Microsoft reported that Chinese hackers had access to government email accounts in the United States and Western Europe. The company said that the hackers, who it identified as a group known as Storm-0558, were likely motivated by spying.
In a letter, U.S. Senator Ron Wyden has asked the Department of Justice, the Federal Trade Commission, and the Cybersecurity and Infrastructure Security Agency (CISA) to investigate the recent hack of Microsoft email accounts.
Senator Wyden asked the agencies to examine whether Microsoft's security practices allowed the breach ahead of a diplomatic trip to China last month by officials including Commerce Secretary Gina Raimondo, Ambassador to China Nicholas Burns, and Assistant Secretary of State Daniel Kritenbrink.
Government emails were stolen because Microsoft committed another error. Although the stolen encryption key was for consumer accounts, ‘a validation error in Microsoft code’ allowed the hackers to also create fake tokens for Microsoft-hosted accounts for government agencies and other organizations, and thereby access those accounts.
Wyden urged CISA to have its Cyber Safety Review Board investigate Microsoft's role, including how the company's practices went undetected during required audits. He also asked the DOJ to investigate if Microsoft violated federal law through negligent practices.
The senator criticized Microsoft's handling of the hack, saying it failed to take responsibility for previous incidents like the 2020 SolarWinds campaign attributed to Russia.
In response, a Microsoft spokesperson said that the recent security breach at Microsoft demonstrates the evolving challenges of cybersecurity in the face of sophisticated attacks. The spokesperson said Microsoft continues to work directly with government agencies on this issue and is committed to sharing information.
In a statement to CNBC, a Microsoft spokesperson said:
This incident demonstrates the evolving challenges of cybersecurity in the face of sophisticated attacks. We continue to work directly with government agencies on this issue, and maintain our commitment to continue sharing information at Microsoft Threat Intelligence blog.
Storm-0558 is a well-known Chinese hacking group that has been active for several years. The group has been linked to several high-profile hacks.
The Chinese embassy has strongly denied any government involvement in the hacking of Microsoft accounts. But U.S. officials remain concerned that stolen encryption keys may have allowed further access to federal systems.