Microsoft has disclosed that Chinese hackers stole emails from clients including government agencies by exploiting a flaw in its system.
The tech giant said that Chinese hackers were able to carry out their cyberespionage campaign because to “a validation error in Microsoft code” in a blog post that was published on Friday.
The blog offered the most comprehensive justification up to that point for a cyberattack that shook both the cybersecurity sector and China-U.S. relations. Any involvement in the spying has been refuted by Beijing.
Microsoft and American officials said on Wednesday night that since May, hackers with ties to the Chinese government had been sneakily accessing email accounts at about 25 different organisations. At least two American government entities were among them, according to American officials.
Microsoft has not disclosed the targets of the breach, although a number of people who were impacted, including employees in the U.S. House of Representatives, the State Department, and the Commerce Department, have admitted it.
According to a senior State Department official, Secretary of State Antony Blinken told China’s top diplomat, Wang Yi, in a meeting on Thursday in Jakarta that any action that targets the U.S. government, U.S. corporations, or American citizens “is of deep concern to us, and that we will take appropriate action to hold those responsible for”
The Redmond, Washington-based business has been urged by officials and lawmakers to make its most advanced digital auditing, commonly known as logging, available to all of its customers without payment. This comes as Microsoft’s own security procedures have come under fire.
