Pitch Deck Template
Startup Dubai Konnect

Chinese hackers exploit Microsoft flaw, gain access to US government email accounts

, By Team SNFYI
Microsoft
Tech

Share via:

Microsoft has confirmed that a group of Chinese hackers exploited a vulnerability in its cloud email service, resulting in unauthorized access to the email accounts of US government employees. The hacking group, identified as Storm-0558, targeted approximately 25 email accounts, including those of government agencies and related consumer accounts linked to individuals associated with these organizations. Microsoft uses the nickname “Storm” to track emerging or developing hacking groups.

US Government Agencies Affected, Investigation Underway

Adam Hodge, a spokesperson for the White House’s National Security Council, confirmed that the breach impacted US government agencies, although Microsoft has not disclosed the specific government agencies affected. The State Department reportedly compromised and alerted Microsoft to the breach.

Method of Attack and Detection

Microsoft’s investigation revealed that Storm-0558, described as a well-resourced adversary based in China, gained access to email accounts by forging authentication tokens to exploit Outlook Web Access in Exchange Online (OWA) and Outlook.com. The hackers acquired a Microsoft consumer signing key to forge tokens, enabling access to OWA and Outlook.com. They then exploited a token validation issue to impersonate Azure AD users and gain entry to enterprise email accounts. The malicious activity went undetected for approximately a month until customers noticed abnormal mail activity and alerted Microsoft.

Focus on Espionage and Mitigation

Charlie Bell, Microsoft’s top cybersecurity executive, states that Storm-0558 appears to be an espionage-motivated adversary focused on intelligence collection. Microsoft successfully mitigated the attack, revoking Storm-0558’s access to the compromised accounts. However, it is unclear whether any sensitive data was exfiltrated during the month-long period of unauthorized access.

US Agencies Take Action and Encourage Reporting

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory urging organizations to report any anomalous activity related to Microsoft 365. During a briefing, a senior FBI official described the intrusion as a targeted campaign affecting government agencies in single digits. A government-backed actor exfiltrated a limited amount of Exchange Online data, although the US government has not attributed the attack to China. CISA and the FBI emphasize the importance of promptly reporting any suspicious activity to their agencies.

Also Read The latest News:
Protest by Urban Company Service partners continues
Fintech startup OneStack raised $2 million in funds led by growX ventures and others

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Previous News
Fintech startup OneStack raised $2 million in funds led by growX ventures and others
Next News
ixigo unveils AI-powered trip planner ‘PLAN’ using ChatGPT
Team SNFYI
Team SNFYI

Popular

More Like this

Load more

Chinese hackers exploit Microsoft flaw, gain access to US government email accounts

, By Team SNFYI
Microsoft
Tech

Microsoft has confirmed that a group of Chinese hackers exploited a vulnerability in its cloud email service, resulting in unauthorized access to the email accounts of US government employees. The hacking group, identified as Storm-0558, targeted approximately 25 email accounts, including those of government agencies and related consumer accounts linked to individuals associated with these organizations. Microsoft uses the nickname “Storm” to track emerging or developing hacking groups.

US Government Agencies Affected, Investigation Underway

Adam Hodge, a spokesperson for the White House’s National Security Council, confirmed that the breach impacted US government agencies, although Microsoft has not disclosed the specific government agencies affected. The State Department reportedly compromised and alerted Microsoft to the breach.

Method of Attack and Detection

Microsoft’s investigation revealed that Storm-0558, described as a well-resourced adversary based in China, gained access to email accounts by forging authentication tokens to exploit Outlook Web Access in Exchange Online (OWA) and Outlook.com. The hackers acquired a Microsoft consumer signing key to forge tokens, enabling access to OWA and Outlook.com. They then exploited a token validation issue to impersonate Azure AD users and gain entry to enterprise email accounts. The malicious activity went undetected for approximately a month until customers noticed abnormal mail activity and alerted Microsoft.

Focus on Espionage and Mitigation

Charlie Bell, Microsoft’s top cybersecurity executive, states that Storm-0558 appears to be an espionage-motivated adversary focused on intelligence collection. Microsoft successfully mitigated the attack, revoking Storm-0558’s access to the compromised accounts. However, it is unclear whether any sensitive data was exfiltrated during the month-long period of unauthorized access.

US Agencies Take Action and Encourage Reporting

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory urging organizations to report any anomalous activity related to Microsoft 365. During a briefing, a senior FBI official described the intrusion as a targeted campaign affecting government agencies in single digits. A government-backed actor exfiltrated a limited amount of Exchange Online data, although the US government has not attributed the attack to China. CISA and the FBI emphasize the importance of promptly reporting any suspicious activity to their agencies.

Also Read The latest News:
Protest by Urban Company Service partners continues
Fintech startup OneStack raised $2 million in funds led by growX ventures and others

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

Previous News
Fintech startup OneStack raised $2 million in funds led by growX ventures and others
Next News
ixigo unveils AI-powered trip planner ‘PLAN’ using ChatGPT
Team SNFYI
Team SNFYI

More like this

Californians can now add their driver’s licenses to Apple...

Cyber Security The Verge -
As announced last month, up to 1.5 million...

Chinese Tether laundromat, Bhutan enjoys recent Bitcoin boost: Asia...

Blockchain Cointelegraph -
Tether launderers sentenced as Bhutan’s Bitcoin hodling places...

Apple Fifth Ave glows in colors to celebrate iPhone...

Tech 9to5mac -
iPhone 16 is almost here. Following the start...
Load more

Popular

Upcoming Events

View all
Event Updates

Startup Information that matters. Get in your inbox Daily!

Subscribe

StartupNews.fyi

Subscribe

© 2024 StartupNews.fyi | DOTFYI Media Ventures Private Limited. All Rights Reserved.

StartupNews.fyi

StartupNews.fyi is India's leading news & Technology media company that focuses on Startups in India and to stories across the globe.

© 2024 StartupNews.fyi | DOTFYI Media Ventures Private Limited. All Rights Reserved.