Microsoft says China-based hackers breached government email accounts
Microsoft identified the hackers as the group Storm-0558
Microsoft Corp. said Tuesday that a China-based hacking group it identified as Storm-0558 breached email accounts from approximately 25 organizations, including government agencies.
The threat actor, the tech giant noted, primarily targets government agencies in Western Europe and focuses on espionage, data theft and credential access.
"We have been working with the impacted customers and notifying them prior to going public with further details. At this stage—and in coordination with customers—we are sharing the details of the incident and threat actor to benefit the industry," Microsoft said in a blog post.
Microsoft began an investigation into anomalous mail activity on June 16, based on customer-reported information. The inquiry revealed that, starting on May 15, Storm-0558 gained access to organization and consumer email accounts using Outlook Web Access in Exchange Online and Outlook.com.
To do so, the corporation said, the hackers used an acquired Microsoft account consumer signing key to forge authentication tokens and access user email.
Microsoft said it has since completed mitigation of this attack for all customers.
Telemetry indicates, according to the company, that it had successfully blocked Storm-0558 from accessing customer email using forged authentication tokens.
Microsoft continues to investigate and monitor the group's activity and is partnering with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency to address the issue.
"We added substantial automated detections for known indicators of compromise associated with this attack to harden defenses and customer environments, and we have found no evidence of further access," Microsoft said, noting that it is continually "self-evaluating, learning from incidents and hardening… identity/access platforms to manage evolving risks around keys and tokens."
Earlier in the year, Microsoft said state-backed Chinese hackers have been targeting U.S. critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the U.S. and Asia during future crises.
China says the U.S. also engages in cyberespionage against it.
The Associated Press contributed to this report.