Chinese hackers enter government email accounts through Microsoft

Microsoft has disclosed that Chinese hackers have gained access to the email accounts of various government organizations. The breach affected unclassified systems.

A China-based actor, which Microsoft is tracking as Storm-0558, gained access to email accounts affecting approximately 25 organizations. These include government agencies and related consumer accounts of individuals likely associated with the organizations, the company said.

In a statement, the firm added that the adversary is thought to be focused on espionage, “such as gaining access to email systems for intelligence collection.”

The email accounts were breached using forged authentication tokens, signed with an acquired Microsoft account consumer signing key, which allowed the attackers to access user email. Government agencies in Western Europe were primarily targeted, the company said.

Microsoft says it has completed mitigation measures for all customers, and added substantial automated detections for known indicators of compromise associated with this attack to harden defenses and customer environments.

However, another gap in Microsoft’s cloud security, which enabled Chinese cyberspies to conduct more targeted hacks, was discovered not by the company, but by the US government. The issue was detected last month.

“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” National Security Council spokesman Adam Hodges said in a statement to The Washington Post. “We continue to hold the procurement providers of the US government to a high security threshold.”

The Federal Bureau of Investigation is still looking into the matter, even though the number of email accounts believed to be affected is limited. Accounts at the Pentagon, the intelligence community, and the military have not been affected.

This was obviously not the first time Microsoft has been found to have vulnerabilities in its products and services. In 2020, Russian hackers breached US government email accounts by using software made by the Texas company SolarWinds. The threat actors then exploited weaknesses in Microsoft’s system for authenticating users.

A new move by the US Cybersecurity and Infrastructure Security Agency confirms Microsoft does have a problem. The agency has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, and four of those are related to Microsoft services.
