Multiple mishaps, including the crash of an internal Microsoft system in April 2021 and the hack of the engineer, gave the Chinese hackers coveted access to a cryptographic key that was later used to break into the US officials’ email accounts, the tech giant said in a blog post. The statement sheds new light on a cyber-espionage campaign that has caused a furor in Washington.
The Department of Homeland Security-backed Cyber Safety Review Board – a panel of US government and private experts – is investigating the root causes of the breach. Microsoft said Wednesday that it had corrected the technical issues that allowed the hackers to obtain the cryptographic key from its internal system. “Microsoft is continuously hardening systems as part of our defense in depth strategy,” the company said.