Microsoft discloses espionage attempt by Chinese hacking group

July 25, 2023 - TuxCare PR Team

Microsoft has revealed that a China-based hacking group, dubbed Storm-0558, was behind a calculated attempt to infiltrate email systems for intelligence collection purposes.

The group breached email accounts of approximately 25 organizations, including some related individual consumer accounts and government agencies in Western Europe and the United States. It did so using forged authentication tokens to access the affected email accounts via Outlook Web Access in Exchange Online (OWA) and Outlook.com. The activity began on May 15th and remained undetected for a month, until Microsoft began its investigation on June 16th following “customer reported information.”

The U.S. government initially alerted Microsoft about an exploit. Microsoft responded promptly, investigating unusual mail activity on June 16, 2023, based on information from its customers. By then, the hackers had been accessing sensitive email data undetected for a month. The breach only affected unclassified systems, sparing email accounts associated with the Pentagon, military, or intelligence community from compromise. However, the specific organizations and government agencies targeted by the hackers have not been publicly disclosed.

Microsoft has contacted all customers targeted during the security breach and implemented mitigations for them. The tech giant said it has hardened its defenses by adding “substantial automated detections” to flag activity associated with the attack and is now working with the Department of Homeland Security’s cyber defense agency to protect affected users.

The hack affected unclassified systems and doesn’t appear to have compromised email accounts linked to the Pentagon, military, or intelligence community. The remaining organizations and government agencies compromised by the hackers have not been disclosed.

Microsoft said the group is intent on “gaining access to email systems for intelligence collection.” It is unclear what information the hackers may have obtained from the compromised accounts.

This is not the first time that a Chinese hacking group has targeted US government agencies. In 2015, hackers affiliated with the Chinese state were reportedly behind a cyberattack targeting US government security clearance records that affected 21.5 million people.

The Russia-linked SolarWinds hack in 2020 was also a major cybersecurity incident that affected US government agencies and other organizations. The hack was initially believed to have impacted up to 18,000 customers who had downloaded the malicious software update, but updated figures from SolarWinds later estimated that fewer than 100 customers were actually compromised.

The sources for this piece include an article in TheVerge.
