Microsoft discloses Chinese hacking group’s breach of US government emails
On Tuesday, Microsoft revealed that a Chinese-based hacking group has successfully breached the email accounts of approximately two dozen government agencies, including the US State Department. The breach also affected government agencies in Western Europe. The cybersecurity issue came to light when US cybersecurity experts alerted Microsoft to a vulnerability in the Microsoft 365 cloud environment on June 16th, after detecting suspicious email activity.
Adam Hodges, a spokesman for the National Security Council, stated that officials promptly contacted Microsoft to identify the source of the breach and the vulnerability in their cloud service. He emphasized the importance of maintaining a high-security threshold for the procurement providers of the US government. Microsoft initiated an investigation into the matter, which revealed that the attacker had accessed customer email accounts using Outlook Web Access starting on May 15th. The hackers, known as Storm-0558, primarily focus on espionage, data theft, and credential access.
The scale of the breach appears to be limited, as the attack was targeted. However, the Federal Bureau of Investigation continues to analyze the incident to gather more information. Apart from government email accounts, Microsoft believes that a small number of related consumer accounts may have been affected, possibly belonging to employees or contractors.
The attackers gained access to Microsoft accounts by using forged authentication tokens with an acquired consumer signing key. This allowed them access to Outlook Web Access in Exchange Online and Outlook.com. Microsoft has assured that it has fully addressed the issue and taken necessary action, removing all access from the signing key. The company has also implemented additional automated detection indicators to identify compromised systems associated with this type of attack.
Microsoft is collaborating with relevant government agencies, including the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, to strengthen security measures for those affected by this breach and future cybersecurity threats.
Senator Mark R. Warner, Chairman of the Senate Select Committee on Intelligence, expressed concern over the breach and emphasized the importance of close coordination between the US government and the private sector in countering such threats. He noted that China is steadily improving its cyber collection capabilities, posing a significant cybersecurity risk.
The breach by Chinese state-sponsored hackers underscores the increasing sophistication and frequency of such attacks. Earlier this year, Microsoft warned about a Chinese group targeting critical infrastructure, and last month, the US government issued an advisory regarding state-sponsored hackers exploiting known vulnerabilities.
Experts in the cybersecurity industry have been closely monitoring the rise in Chinese state-sponsored cyber activities. According to Dan Schiappa, Chief Product Officer of Arctic Wolf Networks Inc., Chinese threat activity is focused on spycraft rather than financial gain. He highlighted the threat of supply chain attacks for businesses involved in government contracts or those associated with cutting-edge technology research or military-grade operations.
The news of this breach serves as a reminder of the need for robust cybersecurity measures and constant vigilance to protect sensitive information and prevent unauthorized access. As the global threat landscape evolves, cybersecurity remains a critical priority for governments, organizations, and individuals alike.
