The Cyber Safety Review Board's report on the Microsoft Exchange Server hacking campaign criticizes Microsoft's security practices and messaging. The report highlights that Microsoft is still unaware of how the Chinese carried out the attack in the Summer of 2023. The review emphasizes the severity and preventability of the intrusion, pointing out the inadequacy of Microsoft's cybersecurity practices and internal response. The threat actor responsible for the attack is linked to the 2009 Operation Aurora. The report calls for internal accountability within Microsoft to prevent such intrusions in the future.