CrowdStrike CEO: Microsoft Explanation For Russia Hack Doesn’t Add Up

After a Russia-aligned threat actor accessed email accounts for senior Microsoft executives, CrowdStrike CEO George Kurtz said in a televised interview that the disclosure contains ‘scant’ details that don’t explain what really happened.


CrowdStrike CEO George Kurtz criticized Microsoft for providing “scant” details about the hack that impacted senior Microsoft executives, suggesting that the disclosure is not a meaningful explanation of how the incident happened.

Kurtz, whose company is a top rival to Microsoft in multiple segments of the cybersecurity market, made the comments Monday during a CNBC interview with “Mad Money” host Jim Cramer.

Microsoft disclosed Friday that a state-sponsored threat actor in Russia was able to steal emails from members of its senior leadership team, who were not identified. The tech giant attributed the attack to a group it tracks as Midnight Blizzard, which Microsoft has held responsible for the widely felt 2020 breach of SolarWinds.

In a post Friday disclosing the latest hack, Microsoft said that the incident began with a late November 2023 password spray attack, which compromised a “legacy non-production test tenant account.”

Speaking on CNBC, Kurtz contended that Microsoft’s explanation for the hack does not really add up.

“I’m confused, because what Microsoft talks about is [that] it was a non-production test environment. So how does a non-production test environment lead to the compromise of the most senior officials in Microsoft [and] their emails?” he said. “I think there's a lot more that's going to come out on this.”

In his criticism, Kurtz also cited the timing of the Microsoft disclosure, which was released Friday after the stock market had closed for the weekend.

In addition to the blog post, Microsoft discussed the incident in a filing with the U.S. Securities and Exchange Commission Friday, as part of complying with recently introduced SEC cyberattack disclosure rules for public companies.

“When you drop this on a Friday at five o'clock, and you have scant details, I think there's more to come on it,” Kurtz said during the CNBC interview.

Microsoft declined to comment in an email to CRN Tuesday.

In its post Friday, Microsoft said that attackers used the permissions from the initially compromised account to “access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team.” The hack also impacted accounts belonging to employees in the company’s cybersecurity and legal teams, as well as “other functions,” Microsoft said.

During the incident, threat actors “exfiltrated some emails and attached documents,” the company said. Microsoft said that its security team uncovered the compromise after detecting “a nation-state attack on our corporate systems” on Jan. 12.

‘Secure Future Initiative’

In its post, Microsoft also twice referenced its Secure Future Initiative, a set of major changes announced in early November 2023 aimed at improving Microsoft’s security, as well as the security of its widely used platforms.

“As part of our ongoing commitment to responsible transparency as recently affirmed in our Secure Future Initiative (SFI), we are sharing this update,” Microsoft said in the post Friday.

During the CNBC interview Monday, Kurtz questioned Microsoft’s emphasis on the initiative within its disclosure.

“When you look at some of the things that Microsoft talks about [in the disclosure], it's secure initiatives and it's marketing around this,” he said. “If they spent some more time on coming clean on what happened here and less on the marketing and papering over it, I think it would be good for the industry.”

Series Of Hacks

The incident follows last year’s high-profile breach of Microsoft cloud email accounts belonging to multiple U.S. government agencies.

Discovered in June 2023, the attack is believed to have impacted the emails of Commerce Secretary Gina Raimondo as well as other officials in the Commerce Department and U.S. Ambassador to China Nicholas Burns. A total of 60,000 emails were stolen from 10 U.S. State Department accounts in the China-linked compromise, according to reports.

A frequent critic of Microsoft security, Kurtz said during a 2023 interview with CRN that the cloud email breach was an example of how “Microsoft’s failures” on security have put the U.S. government and businesses at risk.

Ultimately, Microsoft security issues “are putting millions and millions — tens of millions — of customers at risk,” he said during the earlier CRN interview.

Kurtz, who also co-founded CrowdStrike, echoed the comments in the CNBC interview Monday. “I think what you're seeing here is systemic failures by Microsoft putting not only their customers at risk, but the U.S. government at risk, which is a big customer of theirs,” he said.