Chinese hackers infiltrate email accounts of several organizations, claims Microsoft

Storm-0558 cyber-espionage culprits: tracking the tactics and repercussions

Microsoft alleges that a Chinese cyber-espionage group, Storm-0558, hacked around 25 organizations' email accounts, including some government agencies. The White House confirms the breach of Microsoft's cloud security, in which the hackers used a vulnerability in Azure to forge authentication tokens and gain unauthorized access to corporate email accounts.

Microsoft has alleged that hackers originating from China have intruded upon the email accounts of nearly 25 organizations. Among these organizations are undisclosed government agencies. The cyberattacks have been tied to an entity known as Storm-0558, a cyber-espionage group with a reported specialty in infiltrating email networks to gather sensitive data. The specific locations of the affected organizations, however, remain undisclosed by the tech giant.

A closer look into the attacks

Microsoft's investigation into the alleged cyber-attacks began on June 16, 2023, following user complaints concerning unusual activity within their Office 365 mailboxes. The company found that the illicit access to customer accounts traced back to May 15, 2023, with the suspected actors being Storm-0558. The affected accounts appear to have been linked to approximately 25 organizations, with the U.S. State and Commerce Departments among them.

Responses and repercussions of the security breach

Despite these allegations, Microsoft has not named the specific businesses, government institutions, or countries directly impacted by these email security incidents. In response to these claims, the Chinese embassy in London labeled the U.S. government as "the world's largest hacking empire and a global cyber thief," dismissing Microsoft's assertions as "disinformation." China consistently denies any participation in hacking activities, regardless of the provided evidence or context.

Breach of Microsoft's Cloud security and method of attack

Adam Hodge, a spokesman for the White House National Security Council, stated that the breach in Microsoft's cloud security impacted "unclassified systems," though further details were not provided. According to Microsoft's analysis, the hacking group Storm-0558 utilized Outlook Web Access in Exchange Online (OWA) and Outlook.com to access user accounts by forging authentication tokens. The hackers allegedly acquired a Microsoft consumer signing key and used a token validation vulnerability to pose as Azure AD users and access corporate email accounts. Microsoft only discovered Storm-0558's malicious activities when users alerted the company about suspicious email activity, which had gone undetected for about a month.
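The validation gap described above, a key issued for consumer accounts being accepted on a token that claims an enterprise identity, can be shown with a signature-only check beside one that also binds each key to its account class. This is an added example, not code from Microsoft or from this article; HMAC stands in for the asymmetric signatures real tokens use, and the key names, the `scope` field and the `account_type` claim are hypothetical.

```python
import base64, hashlib, hmac, json

# Constructed key registry. Each trusted signing key is bound to the single
# account class it may vouch for (the "scope" field is an assumption).
KEYS = {
    "consumer-key-1": {"secret": b"constructed-consumer-secret", "scope": "consumer"},
    "enterprise-key-1": {"secret": b"constructed-enterprise-secret", "scope": "enterprise"},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(kid: str, signed_part: str) -> bytes:
    return hmac.new(KEYS[kid]["secret"], signed_part.encode(), hashlib.sha256).digest()

def issue(kid: str, claims: dict) -> str:
    """Issue a token signed with the named key (HMAC stands in for RSA)."""
    signed_part = _b64(json.dumps({"kid": kid}).encode()) + "." + _b64(json.dumps(claims).encode())
    return signed_part + "." + _b64(_mac(kid, signed_part))

def _verified(token: str):
    """Return (kid, claims) if the signature matches a trusted key, else None."""
    try:
        header, payload, sig = token.split(".")
        kid = json.loads(_unb64(header))["kid"]
        if not hmac.compare_digest(_mac(kid, header + "." + payload), _unb64(sig)):
            return None
        return kid, json.loads(_unb64(payload))
    except (ValueError, KeyError, TypeError):
        return None  # malformed token or unknown key id

def validate_signature_only(token: str):
    """Weak form: any trusted key is accepted for any account type."""
    result = _verified(token)
    return result[1] if result else None

def validate_key_scope(token: str):
    """Hardened form: the signing key's scope must match the claimed account type."""
    result = _verified(token)
    if result is None or not isinstance(result[1], dict):
        return None
    kid, claims = result
    return claims if claims.get("account_type") == KEYS[kid]["scope"] else None
```

A validator of the second kind also gives defenders a detection point: a token that verifies cryptographically but fails the scope check is worth logging and alerting on.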

07/13/2023 15:09

Editorial AI
