Chinese hackers exploit Microsoft flaw, gain access to US government email accounts


Microsoft has confirmed that a group of Chinese hackers exploited a vulnerability in its cloud email service, resulting in unauthorized access to the email accounts of US government employees. The hacking group, identified as Storm-0558, targeted approximately 25 email accounts, including those of government agencies and related consumer accounts linked to individuals associated with these organizations. Microsoft uses the nickname “Storm” to track emerging or developing hacking groups.

US Government Agencies Affected, Investigation Underway

Adam Hodge, a spokesperson for the White House’s National Security Council, confirmed that the breach impacted US government agencies, although Microsoft has not disclosed the specific government agencies affected. The State Department was reportedly compromised and alerted Microsoft to the breach.

Method of Attack and Detection

Microsoft’s investigation revealed that Storm-0558, described as a well-resourced adversary based in China, gained access to email accounts by forging authentication tokens for Outlook Web Access (OWA) in Exchange Online and for Outlook.com. The hackers acquired a Microsoft consumer signing key and used it to forge the tokens that granted access to OWA and Outlook.com. They then exploited a token validation issue to impersonate Azure AD users and gain entry to enterprise email accounts. The malicious activity went undetected for approximately a month until customers noticed abnormal mail activity and alerted Microsoft.
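To illustrate the class of flaw described above, here is an added example (not Microsoft's code and not part of the original report) of a validator that trusts any known signing key next to one that also checks which account scope the key is allowed to sign for. The key names, scopes and token layout are hypothetical, the assumption that the validation issue was a missing scope check is ours, and HMAC stands in for the asymmetric signatures a real identity provider uses.

```python
import base64, hashlib, hmac, json

# Constructed key store (hypothetical names): each key is bound to one account scope.
KEYS = {
    "consumer-key-1": {"secret": b"constructed-consumer-secret", "scope": "consumer"},
    "enterprise-key-1": {"secret": b"constructed-enterprise-secret", "scope": "enterprise"},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(kid, claims):
    """Sign claims with the named key (HMAC stands in for an asymmetric signature)."""
    body = _b64(json.dumps({"kid": kid, **claims}, sort_keys=True).encode())
    sig = hmac.new(KEYS[kid]["secret"], body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)

def _verified(token):
    """Return (claims, key) if the signature matches a known key, else None."""
    body, _, sig = token.partition(".")
    try:
        claims, given = json.loads(_unb64(body)), _unb64(sig)
    except ValueError:  # malformed base64, bad UTF-8 or bad JSON
        return None
    kid = claims.get("kid") if isinstance(claims, dict) else None
    key = KEYS.get(kid) if isinstance(kid, str) else None
    if key is None:
        return None
    expected = hmac.new(key["secret"], body.encode(), hashlib.sha256).digest()
    return (claims, key) if hmac.compare_digest(given, expected) else None

def validate_weak(token):
    """Weak: a valid signature from ANY known key is enough; key scope is ignored."""
    result = _verified(token)
    return result[0] if result else None

def validate_strict(token, required_scope):
    """Strict: the signing key and the claim must both match the resource's scope."""
    result = _verified(token)
    if not result:
        return None
    claims, key = result
    if key["scope"] != required_scope or claims.get("scope") != required_scope:
        return None
    return claims

# Constructed sample: an enterprise claim signed with the consumer key.
SAMPLE = issue("consumer-key-1", {"sub": "user@agency.example", "scope": "enterprise"})
```

The weak validator accepts `SAMPLE` because its signature is genuine, while the strict one rejects it because the consumer key is not authorized for the enterprise scope.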

Focus on Espionage and Mitigation

Charlie Bell, Microsoft’s top cybersecurity executive, states that Storm-0558 appears to be an espionage-motivated adversary focused on intelligence collection. Microsoft successfully mitigated the attack, revoking Storm-0558’s access to the compromised accounts. However, it is unclear whether any sensitive data was exfiltrated during the month-long period of unauthorized access.

US Agencies Take Action and Encourage Reporting

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory urging organizations to report any anomalous activity related to Microsoft 365. During a briefing, a senior FBI official described the intrusion as a targeted campaign affecting a single-digit number of government agencies. A government-backed actor exfiltrated a limited amount of Exchange Online data, although the US government has not attributed the attack to China. CISA and the FBI emphasize the importance of promptly reporting any suspicious activity to their agencies.


Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We at StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
