Microsoft: compromised account led to Chinese hack of US officials


The recently disclosed Chinese hack of senior officials at the US State and Commerce departments stemmed from the compromise of a Microsoft engineer's corporate account, the tech giant says.

Microsoft said the engineer's account had been penetrated by a hacking group it dubs Storm-0558, which is alleged to have stolen hundreds of thousands of emails from top American officials including Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.

A blog post by Microsoft addressed some unanswered questions around the incident, which has drawn fresh scrutiny of the company's security and led to calls to investigate its practices.

ADVERTISEMENT

Notably, the post explained how hackers were able to extract a cryptographic key from the engineer's account and use it to access email accounts that it should not have given them access to.

Microsoft said it had fixed the flaws that led to the key being accessible from the unidentified engineer's account, which gave the hackers such wide latitude to steal emails.

A Microsoft representative said the engineer's account had been hit using "token-stealing malware" but did not provide further detail about the incident or its timing.

The Chinese Embassy in Washington did not immediately respond to an email sent to it. Beijing has previously described the allegation that it stole messages from top US officials as "groundless narratives."