In a recent incident, Chinese hackers exploited a flaw in Microsoft’s cloud email service, resulting in illegal access to the email accounts of several U.S. government employees.
Microsoft, the technology giant, confirmed the breach, stating that a hacking group identified as Storm-0558 was responsible for compromising approximately 25 email accounts.
These included accounts associated with government agencies and related consumer accounts.
The specific government agencies targeted by Storm-0558 have not been disclosed by Microsoft.
However, a spokesperson for the White House’s National Security Council confirmed that U.S. government agencies were indeed affected.
The intrusion was initially identified by U.S. government safeguards, prompting immediate action to investigate the source and vulnerability within Microsoft’s cloud service.
The incident highlights the importance of maintaining a high security threshold for procurement providers serving the U.S. Government.
Microsoft’s investigation into the breach revealed that the China-based hacking group gained access to email accounts by exploiting vulnerabilities in Outlook Web Access (OWA) in Exchange Online and in Outlook.com.
The hackers forged authentication tokens, using an acquired Microsoft consumer signing key, to gain unauthorized access to user accounts.
By exploiting a token validation issue, they were able to impersonate Azure AD users and gain entry into enterprise email accounts.
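A simplified model of this class of validation flaw, added here as an illustration; it is not Microsoft's code and does not come from the original article. The key store, key ids, the `account_type` claim and the use of HMAC as a stand-in for real token signatures are all assumptions.

```python
import base64, hashlib, hmac, json

# Constructed key store: every signing key is tagged with the account scope it may sign for.
KEYS = {
    "consumer-key-1": {"secret": b"constructed-consumer-secret", "scope": "consumer"},
    "enterprise-key-1": {"secret": b"constructed-enterprise-secret", "scope": "enterprise"},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(kid, signed):
    return hmac.new(KEYS[kid]["secret"], signed.encode(), hashlib.sha256).digest()

def sign(kid, claims):
    """Issue a token of the form header.payload.mac (HMAC stands in for a real signature)."""
    signed = _b64(json.dumps({"kid": kid}).encode()) + "." + _b64(json.dumps(claims).encode())
    return signed + "." + _b64(_mac(kid, signed))

def _verified(token):
    """Return (kid, claims) if the MAC checks out under the key named in the header, else None."""
    try:
        header, payload, mac = token.split(".")
        kid = json.loads(_unb64(header))["kid"]
        if not hmac.compare_digest(_mac(kid, f"{header}.{payload}"), _unb64(mac)):
            return None
        claims = json.loads(_unb64(payload))
        return (kid, claims) if isinstance(claims, dict) else None
    except (ValueError, KeyError, TypeError):
        return None

def validate_signature_only(token):
    """Flawed check: any key in the store is accepted for any account type."""
    return _verified(token) is not None

def validate_with_key_scope(token, required_scope="enterprise"):
    """Hardened check: the key's scope must match the service and the claimed account type."""
    result = _verified(token)
    if result is None:
        return False
    kid, claims = result
    return KEYS[kid]["scope"] == required_scope == claims.get("account_type")

if __name__ == "__main__":
    mixed = sign("consumer-key-1", {"sub": "user@example.test", "account_type": "enterprise"})
    print(validate_signature_only(mixed), validate_with_key_scope(mixed))
```

The point for defenders is that a valid signature only proves which key signed the token; the validator must also check that the key is authorized for the issuer and account type the token claims.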
The malicious activity of Storm-0558 went undetected for approximately a month until customers reported anomalous mail activity to Microsoft.
The company promptly took action to mitigate the attack. Microsoft stated that Storm-0558 no longer has access to the compromised accounts.
However, the company has not provided information regarding whether sensitive data was exfiltrated during the month-long period in which the attackers had access.
Microsoft assessed that the hacking group was primarily focused on espionage, aiming to gain access to email systems for intelligence collection purposes.
While Microsoft successfully mitigated the attack and took measures to prevent further unauthorized access, this incident underscores the ongoing challenge posed by sophisticated hacking groups.
It highlights the importance of robust security measures and constant vigilance in safeguarding sensitive data.
This particularly concerns government agencies and organizations handling critical information.