Microsoft critics accuse the firm of \u2018negligence\u2019 in latest breach | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft critics accuse the firm of \u2018negligence\u2019 in latest breach\"> <meta property=\"og:description\" content=\"Hackers linked to Russia\u2019s foreign intelligence agency used simple methods to spy on Microsoft executive\u2019s emails.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-01-24T01:24:02+00:00\"> <meta name=\"author\" content=\"mbracken\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1701905043g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1705595524g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1705882623g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/78893\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=78893\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-critics-accuse-the-firm-of-negligence-in-latest-breach%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-critics-accuse-the-firm-of-negligence-in-latest-breach%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-78893 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.708450704225\">\n<div class=\"single-article__header-content\" readability=\"29.629787234043\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> Hackers linked to Russia\u2019s foreign intelligence agency used simple methods to spy on Microsoft executive\u2019s emails. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg 5760w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> A Microsoft logo is pictured on April 29, 2015, at Moscone Center in San Francisco. (Photo by Stephen Lam\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"69.148500616185\"><body readability=\"138.13039686001\"><\/p>\n<p>For the second time in six months, Microsoft has disclosed that spies affiliated with a foreign intelligence service breached the company\u2019s systems and accessed the emails of senior company executives. And for the second time in as many months, officials in Washington along with security researchers and executives are arguing that the company simply isn\u2019t doing enough to secure its systems.<\/p>\n<p>\u201cThis is yet another wholly avoidable hack that was caused by Microsoft\u2019s negligence,\u201d Sen. Ron Wyden, D-Ore., said in a statement to CyberScoop. <\/p>\n<p>Wyden is one of a growing number of Microsoft critics who argue that a series of breaches at the company raise questions about whether it is prioritizing and making sufficient investments in security. With Microsoft providing key computing infrastructure to the U.S. government, critics like Wyden argue that the company needs to be prodded to place security at the center of its work. \u201cThe U.S. government needs to reevaluate its dependence on Microsoft,\u201d Wyden said.<\/p>\n<p>The most recent breach involved the hacking group best known as Cozy Bear, which is believed to be a unit of Russia\u2019s foreign intelligence service SVR. The group breached what Microsoft described as a \u201clegacy non-production test tenant account\u201d using a password spraying attack. Such an attack is among the most basic of ways to compromise a computing system and would typically be prevented by multi-factor authentication \u2014 the kind of simple security hygiene that companies like Microsoft have for years encouraged their users to adopt. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cIt is inexcusable that Microsoft still hasn\u2019t required multi-factor authentication, which is cybersecurity 101 and would have prevented this latest attack,\u201d Wyden said. <\/p>\n<p>In a statement, a spokesperson for Microsoft said that \u201cthe attack was not the result of a vulnerability in Microsoft products or services\u201d and that \u201cthere is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.\u201d <\/p>\n<p>Last year, Microsoft was at the center of another breach \u2014 this time featuring Chinese hackers \u2014 that also caused security experts and officials <a href=\"https:\/\/cyberscoop.com\/microsoft-china-hacking-state\/\">to question the company\u2019s security practices<\/a>. In that case, hackers linked to China <a href=\"https:\/\/cyberscoop.com\/microsoft-china-signing-key\/\">stole a signing key<\/a> that was used to break into the email accounts of senior U.S. officials, among them the secretary of commerce, ahead of key meetings between Chinese and U.S. officials. <\/p>\n<p>This pattern of breaches has cybersecurity experts questioning why Microsoft keeps falling victim to these kinds of breaches. <\/p>\n<p>\u201cMicrosoft has some really good security people. But these problems keep happening, and they don\u2019t happen with nearly the same rate or severity at other companies\u2019 corporate networks,\u201d said Andrew Grotto, who served as a senior cybersecurity official in both the Obama and Trump administrations. \u201cThat these problems keep happening at a disproportionate level, speaks to some deeper problems with Microsoft when it comes to security.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>To be sure, preventing highly resourced hackers from breaking into a computer system represents a daunting task, and in many cases it is only a matter of time and resources before a committed, well-resourced attacker can find a way into a protected system. But in the incident disclosed Friday, Microsoft\u2019s errors made the company an easy target. <\/p>\n<p>\u201cIt sort of did the cyber equivalent of leaving the front door open,\u201d Grotto said. <\/p>\n<p>While the initial breach was puzzling enough to cybersecurity experts, it\u2019s what happened next that is the real head-scratcher. <\/p>\n<p>According to Microsoft\u2019s <a href=\"https:\/\/msrc.microsoft.com\/blog\/2024\/01\/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard\/\">account of the breach<\/a>, it began with a breach of the test account \u2014 which, in theory, should be isolated from other corporate systems, let alone the emails of senior Microsoft executives that ended up being targeted. After breaching that test system, the attackers were somehow able to punch a hole into Microsoft\u2019s corporate network.<\/p>\n<p>This type of pivot is one that cybersecurity experts say should be hard to pull off under the best of circumstances. \u201cIf any other company in the world was to have that issue\u201d then \u201cthey would be out of business,\u201d said Adam Meyers, senior vice president of counter adversary operations at the cybersecurity firm CrowdStrike. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Microsoft\u2019s account of the breach implies that the hackers made use of a poorly understood, neglected piece of infrastructure connected to other parts of its network in ways that the company\u2019s engineers perhaps did not themselves comprehend. These poorly understood technologies may be a function of Microsoft\u2019s age and attempts to make sure that its newer products are generally <a href=\"https:\/\/en.wikipedia.org\/wiki\/Backward_compatibility\">backwards compatible<\/a> with its older offerings, said Trey Herr, who directs the Atlantic Council\u2019s Cyber Statecraft Initiative. <\/p>\n<p>Herr said the attack was particularly concerning from a security perspective because it targeted staffers in Microsoft\u2019s cybersecurity and legal functions. Emails belonging to executives in these divisions may give the hackers insight into the company\u2019s ongoing investigations of hacking groups such as Cozy Bear. <\/p>\n<p>By understanding what Microsoft knows of Cozy Bear\u2019s activities \u2014 and how the company knows it \u2014 the Russian hackers may be in a better position to evade the company\u2019s investigators in the future. \u201cThere may be some significant tradecraft involved in those investigations,\u201d Herr said. And by understanding Microsoft\u2019s tradecraft, Cozy Bear may use the knowledge they have gleaned from the breach to inform their future operations. <\/p>\n<p>By targeting the company\u2019s cybersecurity and legal staffers, the hackers could also have gained insight into unpatched vulnerabilities that Microsoft\u2019s staffers are working to resolve but have not yet released patches for, Herr added. <\/p>\n<p>For Microsoft, the breach is especially embarrassing because it comes two months after the company <a href=\"https:\/\/cyberscoop.com\/microsoft-upgrades-security-for-signing-key-in-wake-of-chinese-breach\/\">rolled out<\/a> what it calls its \u201c<a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2023\/11\/02\/secure-future-initiative-sfi-cybersecurity-cyberattacks\/\">Secure Future Initiative<\/a>,\u201d a series of policy changes aimed at improving the company\u2019s security posture in the face of what the firm described as increasingly sophisticated and well-resourced cyberattacks. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>In its statement about the Friday breach, the company said it is continuing to shift \u201cthe balance we need to strike between security and business risk.\u201d <\/p>\n<p>\u201cWe will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes,\u201d the company added. \u201cThis will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this philosophy.\u201d <\/p>\n<p><em>AJ Vicens contributed to this article. <\/em><\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.5\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/01\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach-1.jpg?w=640&ssl=1\" alt=\"Elias Groll\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Elias Groll<\/h4>\n<p> Elias Groll is a senior editor at CyberScoop. He has previously worked as a reporter and editor at Foreign Policy, covering technology and national security, and at the Brookings Institution, where he was the managing editor of TechStream and worked as part of the AI and Emerging Technology Initiative. He is a graduate of Harvard University, where he was the managing editor of The Harvard Crimson. <\/p>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft critics accuse the firm of \u2018negligence\u2019 in latest breach<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78],"tags":[86],"class_list":["post-2409","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a>","tag_info":"Cybersecurity","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2409"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2409\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2409,"date":"2024-01-24T01:24:02","date_gmt":"2024-01-24T01:24:02","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=78893"},"modified":"2024-01-24T01:24:02","modified_gmt":"2024-01-24T01:24:02","slug":"microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/01\/24\/microsoft-critics-accuse-the-firm-of-negligence-in-latest-breach\/","title":{"rendered":"Microsoft critics accuse the firm of \u2018negligence\u2019 in latest breach"},"content":{"rendered":"