Microsoft confirmed Tuesday evening (July 11) Chinese hackers exploited a flaw in their cloud email service to gain access to the email accounts of US government employees.
According to the tech giant, the hacking group tracked as Storm-0558, compromised approximately 25 million email accounts, including government agencies. The hackers also targeted related consumer accounts linked to individuals associated with these organizations.
"Storm" is a nickname used by Microsoft to track hacking groups that are new, emerging, or "in development."
The company's investigation determined Storm-0558 is a China-based hacking group. It has been described as a "well-resourced" adversary "focused on espionage" for gaining access to email accounts using Outlook Web Access (OWA) in Exchange Online and Outlook.com by forging authentication tokens to access user accounts. However, Microsoft has not identified the government agencies targeted by Storm-0558
In its technical analysis of the attack, Microsoft explained the hackers used and acquired Microsoft consumer signing keys to forge tokens to access OWA and Outlook.com. After that, the hackers exploited a token validation issue to impersonate Azure AD users and gain access to enterprise email accounts. The tech company added Storm-0885's malicious activity went undetected for about a month until customers alerted them to anomalous mail activity.
"We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection," said Microsoft cybersecurity chief Charlie Bell. "This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems."
Microsoft also stated the attack was successfully mitigated and that Storm-0558 no longer has access to the compromised accounts. However, the company has not said whether any sensitive data was exfiltrated over the month-long period that the attackers had access to.
Read Also: Activision Blizzard's Stock Market Value Soars After Court Ruling Favors Purchase of Game Firm
US Government Officials Confirm Chinese Cyber-attack
Meanwhile, the White House's National Security Council spokesperson Adam Hodge confirmed to TechCrunch that US government agencies were affected.
"Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service," he added. "We continue to hold the procurement providers of the U.S. Government to a high-security threshold."
The Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) was one of the federal government agencies that first detected the unusual activity on its Microsoft 365 email cloud environment last month, according to an NPR report.
The CISA also did not divulge which government agency was affected by the hack, but has urged organizations to implement the logging recommendations in their advisory to "enhance their cybersecurity posture and position themselves to detect similar malicious activity."
While this is not the first time Microsoft or other tech companies have been targeted with this kind of breach, the US government is putting pressure on them to hold high-security standards.
Additionally, US Senate Intelligence Committee chief Mark Warner (D-VA) said he and congressional colleagues would be "closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence.
"It's clear that the [People's Republic of China] is steadily improving its cyber collection capabilities directed against the US and our allies," Warner added.
The Chinese Embassy in Washington DC did not immediately respond to requests from reporters for comment, but a Chinese Foreign Ministry told the Associated Press any accusation of government involvement was "disinformation."
A similar incident was recently reported when Russian hackers used a BMW ad to compromise at least 22 of around 80 embassies in Kyiv, Ukraine's capital, as part of an alleged extensive espionage effort.
Related Article: Russian Hackers Use BMW Ad to Sway Ukrainian Embassy Staff
