Skip to main content

Microsoft latest firm to notify users of state-sponsored hacks

Falling in line with other tech firms, Microsoft says it’ll also start warning users of its Web-based email service of any suspected state-sponsored hacks on their accounts.

The company has been issuing alerts about potential security breaches for the last two years, though the warnings have never offered any detailed information as to who might be behind the attacks. That’s now changing.

Recommended Videos

“As the threat landscape has evolved, our approach has too, and we’ll now go beyond notification and guidance to specify if we reasonably believe the attacker is ‘state-sponsored’,” Microsoft said in a statement to Reuters outlining its new alert procedure.

The computer giant said the alerts will go to users of Outlook.com, the Web-based email service that emerged from Microsoft’s old Hotmail interface.

The move by Microsoft follows similar action taken in recent months by the likes of Facebook, Twitter, and most recently Yahoo.

Google, meanwhile, has been issuing such warnings to Gmail users for the last three years. Asked how it knows whether a hack is the work of a government-backed agent or some guy in his pajamas working out of his bedroom (couldn’t they be the same person?), a spokesperson for the Mountain View company said “detailed analysis and victim reports” often pointed to the perpetrators, adding that he couldn’t give more specific information on its procedures “without giving away information that would be helpful” to the hackers.

Several former Microsoft employees told Reuters that known attacks carried out on Hotmail users several years ago “targeted diplomats, media workers, human rights lawyers, and others in sensitive positions inside China,” indicating the kind of people likely to be of interest to state-sponsored actors and who could therefore reasonably expect to receive one of these specialized alerts somewhere down the road.

Such warnings usually come with a recommended plan of action, such as using a more sophisticated password, enabling two-step verification if it hasn’t already been set up, and using up-to-date anti-virus software.

The move by Microsoft and others to warn of suspected state-sponsored hacks follows recent discussions between President Obama and Chinese president Xi Jinping on the issue of espionage in cyberspace, with Obama cautiously optimistic that an effective solution can eventually be found.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Microsoft outlines Recall security: ‘The user is always in control’
Recall promotional image.

Microsoft just released an update regarding the security and privacy protection in Recall. The blog post outlines the measures Microsoft is taking to prevent a data privacy disaster, including security architecture and technical controls. A lot of the features highlight that Recall is optional, and that's despite the fact that Microsoft recently confirmed that it cannot be uninstalled.

Microsoft's post is lengthy and covers just about every aspect of the security challenges that its new AI assistant has to face. One of the key design principles is that "the user is always in control." Users will be given the choice of whether they want to opt in and use Recall when setting up their new Copilot+ PC.

Read more
Hackers are sending malware through seemingly innocent Microsoft Teams messages
Microsoft Teams

Hackers are getting so sophisticated with malware that they are making links look like a notice about company vacation time.

A new phishing scam called "DarkGate Loader" has been uncovered that targets Microsoft Teams. It can be identified with a message and a link that reads "changes to the vacation schedule." Clicking this link and accessing the corresponding .ZIP files can leave you vulnerable to the malware that is attached.

Read more
Microsoft just gave you a new way to stay safe from viruses
A dark mystery hand typing on a laptop computer at night.

Microsoft has just taken a vital step towards better protecting your devices from malware, and it’s one that could stop viruses dead in their tracks. Interestingly, though, the Redmond giant seems to have made no mention of the change, despite its significance.

The new policy might sound minor on the surface: Microsoft’s SharePoint cloud storage service can apparently now scan files that are encrypted or password-protected. Previously, this wasn’t thought to be possible.

Read more