The Cyber Safety Review Board (CSRB) will focus on risks to cloud computing infrastructure, including identity and authentication management, and will look at all relevant cloud service providers, the report said, citing people familiar with the matter.
The report comes after Oregon Senator Ron Wyden in July asked the Federal Trade Commission, the Cybersecurity and Infrastructure Security Agency (CISA) and the Justice Department to “take action” against Microsoft following the hack.
Microsoft has been under increasing scrutiny following revelations that hackers allegedly operating on Beijing’s behalf got hold of one of its cryptographic keys and took advantage of a coding flaw to win sweeping access to the company’s cloud email platform.
That access was used to spy on the communications of U.S. Commerce Secretary Gina Raimondo and senior State Department diplomats.
The U.S. House of Representatives Oversight Committee last week said it was opening an investigation into China’s suspected involvement in recent breaches of Commerce and State department email systems.
Discover the stories of your interest
Microsoft and CISA did not immediately respond to requests for comment.