Microsoft is ‘ground zero’ for state-sponsored hackers, exec says

A top Microsoft executive said in a new interview that the tech giant is “ground zero” for foreign government-backed hackers.

“They’re incredibly good at collecting data over time, gathering and gathering more and more momentum and then figuring out how to keep parlaying that into more and more success,” Charlie Bell, Microsoft’s executive vice president of security, told Bloomberg of state-sponsored hackers in an interview published Monday. “It’s very difficult to defend against.”

Microsoft launched a security initiative called the “Secure Future Initiative” in November following a number of cybersecurity breaches with ties to foreign governments. Last May, hackers backed by China broke into customers’ emails. Then in the summer of 2023, Russia-linked group Anonymous Sudan stole 30 million customers’ data.

Even after the launch of Microsoft’s initiative, a Russia-backed actor called Midnight Blizzard attacked its employees’ email accounts—including those of executives—in January. A scathing report from the U.S. Cyber Safety Review Board (CSRB) earlier this month said a “cascade of security failures” was to blame for the January breach.

The CSRB said in its report that Microsoft’s “security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.”

Bloomberg’s report highlighted how Microsoft has implemented its security revamp thus far. It’s removed 1.7 million “identities” linked to old accounts and more than 700,000 out-of-date apps, and it’s further enforcing multi-factor authentication for over 1 million accounts. The company is also taking steps to make it harder for hackers to steal Microsoft employees’ IDs.

Still, an independent cyber security expert interviewed by Bloomberg said the actions taken by Bloomberg aren’t enough to fix its fundamentally “inadequate” system. Microsoft did not immediately respond to Quartz’s request for comment.

Microsoft’s security failures come just as the company said Chinese state-sponsored hackers are upping their use of AI to spread misinformation to meddle in foreign elections, which is particularly concerning ahead of the U.S. presidential election this fall.