Microsoft it said on Friday that Chinese hackers had misused its digital keys and used flaws in the company’s code to steal emails from US government agencies and other customers.
The company said in a blog post that hackers were able to use the key – which they obtained under unknown circumstances – and take advantage of “legitimate flaws in Microsoft’s code” to carry out their cyberespionage campaign.
The site provided a clear explanation of the hacks that affected the cyber security industry and China-US relations. Beijing has denied involvement in espionage.
Microsoft and US officials said Wednesday night that Chinese government-linked hackers have been undercover since May accessing emails from about 25 organizations. US officials said those include at least two government agencies: the State and Commerce Departments.
Secretary of State Antony Blinken told the Chinese ambassador, Wang Yi, at a meeting in Jakarta on Thursday that anything that could affect the US government, US companies or American citizens “is of great concern to us, and we must take appropriate action to hold those responsible,” he said. head of state department.
Microsoft’s blog post did not explain how the hackers obtained the company’s digital keys, leading some experts to suggest that Microsoft was hacked before the hack.
The company did not immediately respond to questions about the key.
The breach has put Microsoft’s security under scrutiny, with officials and lawmakers calling on the Redmond, Washington-based company to make digital surveillance, also known as logging, available to all customers for free.
Microsoft said Thursday in a statement that it was disputing it.
“We are evaluating the response and are open to other options,” the company said, adding that it had “engaged” with US officials on the matter.
© Thomson Reuters 2023