Microsoft revealed that Chinese hackers exploited a cloud email service vulnerability to access 25 organizations, including government agencies, and related consumer accounts of people likely connected to these organizations.
The company is tracking a China-based actor as “Storm-0558.”
Microsoft Security senior vice president Charlie Bell said, “Before disclosing further information to the public, we worked with the impacted consumers and notified them. In conjunction with customers, we are publishing event and threat actor details to assist the industry.”
This Chinese hacking group specializes in email network espionage. The espionage-motivated adversary abuses credentials to access data in sensitive systems.
The firm claimed in its latest blog post, “Our analysis indicated that Storm-0558 got access to email data from around 25 organizations, as well as a limited number of connected consumer accounts of persons possibly associated with these organizations, commencing on May 15, 2023.”
The actor accessed user email using forged authentication tokens and an acquired Microsoft Account (MSA) consumer signing key. Microsoft says it mitigated this threat for all consumers.
The company added, “To harden defenses and customer environments, we added significant automated detections for known indicators of compromise associated with this attack, and we have found no evidence of further access. We’ve also partnered with key government authorities including the DHS Cybersecurity and Infrastructure Security Agency (CISA). We and others are helping us protect clients and fix the issue.”
Conclusion
The firm profiles the Chinese actor “Storm-0558.” Microsoft Security senior VP Charlie Bell said, “At this time, in collaboration with customers, we are releasing the facts of the event and threat actor to benefit the industry.” This Chinese hacking group specializes in email network espionage.
The company said, “Our analysis indicated that Storm-0558 got access to email data from around 25 organizations, as well as a limited number of connected consumer accounts of persons possibly associated with these organizations, commencing on May 15, 2023.” Microsoft says it mitigated this threat for all consumers.
The company said that, to harden defenses and customer environments, it added significant automated detections for known indicators of compromise associated with this attack, and that it found no evidence of further access. Microsoft says it has partnered with government entities including the DHS Cybersecurity and Infrastructure Security Agency (CISA).