New Delhi: Microsoft has disclosed that Chinese hackers exploited a flaw in its cloud email service to gain access to email accounts affecting about 25 organizations, including government agencies, as well as customer accounts belonging to individuals associated with these organizations.
The tech giant has released details of the activities of a China-based actor it is tracking as “Storm-0558”.
“We are working with affected customers and notifying them before releasing more details. At this stage — and in coordination with customers — we are sharing incident details and threat actors to benefit the industry,” said Charlie Bell, executive vice president, Microsoft. Security.
Cray trending stories
This China-based hacking group focuses on espionage, such as gaining access to email systems to gather intelligence. Such espionage-motivated adversaries seek to abuse credentials and gain access to data on sensitive systems.
“Our investigation revealed that beginning on May 15, 2023, Storm-0558 gained access to the email data of approximately 25 organizations and a small number of related customer accounts of individuals associated with these organizations,” the company said in its latest blog post. .
They did this by using fake authentication tokens to access a user’s email using an acquired Microsoft Account (MSA) consumer signing key. Microsoft said it has mitigated the attack for all customers.
“We added enough automated detection for known indicators of compromise involved in this attack to harden defenses and customer environments, and we found no evidence of further access,” the company said.
“We’ve also partnered with relevant government agencies, such as the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA). We’re grateful they and others are working with us to protect affected customers and resolve the issue.” The tech giant added.
