Microsoft on Thursday laid out several steps it plans to take to strengthen security, after Chinese hackers were able to gain access to U.S. officials’ email accounts through its system earlier this year.
The “Secure Future Initiative” aims to utilize artificial intelligence (AI) to detect and counter cyberthreats, expand default security controls embedded in Microsoft products and speed up efforts to mitigate cloud vulnerabilities, the company said in a Thursday blog post.
It will also target the specific source of the breach earlier this year — consumer signing keys.
Microsoft said in September that its investigation into the incident found that the hackers were able to gain access to email accounts in the cloud by obtaining a consumer signing key.
The tech company said it plans to shift to a “new and fully automated consumer and enterprise key management system” to ensure the security of the keys, “even when underlying processes may be compromised.”
“In this architecture, signing keys are not only encrypted at rest and in transit, but also during computational processes as well,” Microsoft executives Charlie Bell, Scott Guthrie and Rajesh Jha said in an email to employees.
“Key rotation will also be automated allowing high-frequency key replacement with no potential for human access, whatsoever,” they added.
Microsoft first revealed in July that a group of Chinese hackers, known as Storm-0558, gained access to email accounts from 25 organizations in the public cloud, including U.S. federal agencies.
The company’s investigation into the breach found that a consumer signing system crash in April 2021 had produced a snapshot of the crashed process that incorrectly contained a consumer signing key.
After the snapshot was moved from the company’s isolated production network into its internet-connected corporate network for debugging, the hackers were able to access the signing key through the corporate account of a Microsoft engineer.
The key was then used to forge authentication tokens to access the emails, which Microsoft said were initially breached in mid-May. The hackers reportedly targeted the email accounts of State and Commerce Department officials.