Microsoft fears America’s adversaries will join up for devastating attacks in cyberspace, forecasting China and Russia hacking together and working with Iran and North Korea when the opportunity exists.
The Big Tech company is reeling from a devastating China-linked hack that compromised the emails of its U.S. government clients last year, and Microsoft is trying to explain itself Thursday on Capitol Hill.
With scrutiny from Congress mounting, Microsoft President Brad Smith told lawmakers about the daunting cyberattackers his team faces, pointing to 47 million phishing raids on his company’s network and employees in the past year.
Russia and China already work together in military and intelligence, Mr. Smith said in written testimony to the House Homeland Security Committee, and the dangerous duo is closely connected with Iran and North Korea, too.
Mr. Smith said these adversaries’ real-world partnerships will soon be felt in cyberspace.
“This is grave at multiple levels. It’s one thing to engage in cybercombat with four separate nation-state adversaries, but quite another scenario if two or all four of these countries work in tandem,” Mr. Smith said. “This mounting danger is qualitative as well as quantitative.”
Russia and China have sophisticated complementary capabilities, involving software engineering, computational resources and machine learning, per Microsoft. The company views these skills as more treacherous when combined.
“The greater danger for the United States and our allies is that these countries will not just combine forces but build up each other’s cyberattack capabilities as they do so,” Mr. Smith said. “Unfortunately, this is where the future is likely going.”
Mr. Smith said his company detects 345 million cyberattacks against its customers every day but has missed vulnerabilities that have exposed top government officials’ private communications.
Suspected Chinese hackers accessed Microsoft Exchange Online mailboxes in May and June of 2023, including email accounts for Commerce Secretary Gina Raimondo and Nebraska Rep. Don Bacon, according to a federal board of cyber investigators.
Mr. Smith said Microsoft accepted responsibility for the problems detailed by the Cyber Safety Review Board in March and said the company was working to implement fixes.
“We acknowledge that we can and must do better, and we apologize and express our deepest regrets to those who have been impacted,” he said. “This is the message I have conveyed personally when talking with individuals impacted in our government, as well as elsewhere.”
Some Microsoft vulnerabilities come from poor attention to detail. For example, an unprotected Microsoft Azure server holding 3 terabytes of government data was exposed last year.
Some of that spilled data included U.S. military emails. Cybersecurity researcher Anurag Sen shared some of his discoveries with The Washington Times.
With multiplying problems at Microsoft, some lawmakers fear the U.S. government is too dependent on the company for security.
Sens. Eric Schmitt, Missouri Republican, and Ron Wyden, Oregon Democrat, are concerned that the Pentagon may soon mandate using Microsoft products.
The bipartisan duo said last week that they wrote to the Defense Department expressing worry that such a decision could halt innovation and waste taxpayers’ dollars.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.