The US Department of Homeland Security (DHS) has issued a critical assessment of Microsoft’s security protocols in the wake of the summer 2023 Exchange Online breach, concluding that security failures within Microsoft created the conditions that allowed Chinese state-backed hacking group Storm-0558 to access sensitive government emails and data.
An independent review by the Cyber Safety Review Board (CSRB) released by DHS found that the intrusion was “preventable” and highlighted what it says is a concerning pattern of Microsoft underinvesting in enterprise security.
