Chinese hacking group found to have illegally accessed mailboxes of US government organizations



Microsoft and the US White House have reported that a Chinese hacking group codenamed "Storm-0558" has hacked the email accounts of more than 20 organizations, including government agencies in the US and EU.

Microsoft mitigates China-based threat actor Storm-0558 targeting of customer email | MSRC Blog | Microsoft Security Response Center

https://msrc.microsoft.com/blog/2023/07/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email/



Mitigation for China-Based Threat Actor Activity - Microsoft On the Issues
https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/



Chinese hackers breached US government email accounts, Microsoft and White House say | CNN Politics
https://edition.cnn.com/2023/07/12/politics/china-based-hackers-us-government-email-intl-hnk/index.html



Storm-0558 primarily targets government agencies in Western Europe, with a focus on espionage, data theft, and access to credentials. The investigation into this intrusion began with information reported by a customer on June 16, 2023. It revealed that, starting May 15, 2023, Storm-0558 accessed Outlook email accounts affecting approximately 25 organizations, including government agencies, as well as consumer accounts of individuals involved.

To perform this hack, the Storm-0558 attackers stole consumer signing keys for Microsoft accounts and forged authentication tokens to access Outlook Web Access and Outlook.com. The attacker then logged into the customer's email account and attempted to access various information.



Microsoft has already successfully blocked this unauthorized access and has contacted users with affected Microsoft accounts. Microsoft said, "We have reached out directly to all targeted or compromised organizations through their administrators and provided critical information to assist in our investigation and response. We will continue to work closely with the organization."

The American news outlet CNN reports, citing multiple sources familiar with the investigation, that the US Department of State was the organization that first discovered the damage caused by Storm-0558 and reported it to Microsoft. In addition, Storm-0558 appears to have targeted specific government officials, going after email accounts held by a very small number of people belonging to federal government agencies. State Department spokesperson Matt Miller told the Wall Street Journal: "In June 2023, the State Department detected anomalous activity. As a result, we took immediate action to protect our systems. We have taken action and notified Microsoft. This incident remains under investigation."

"In June 2023, U.S. government safeguards identified a breach in Microsoft's cloud security that affected non-classified systems," National Security Council spokesperson Adam Hodge told CNN. "I gave him the same amount of money as possible," he said, acknowledging the attack.

The conflict between China and the United States is intensifying in the world of cybersecurity. As recently as May 2023, it was reported that an attack group backed by the Chinese government was conducting activities targeting critical infrastructure in the United States.

Microsoft warns that Chinese government-affiliated hacker group "Volt Typhoon" is conducting espionage activities targeting critical infrastructure - GIGAZINE



The US government has consistently identified China as the "most advanced of America's adversaries in the cyberspace domain," and the US Federal Bureau of Investigation (FBI) has also stated that "the Chinese government has a hacking program larger than any other company in the world." In addition, in response to the statement released by Microsoft, China's Ministry of Foreign Affairs responded with the criticism that "the American government is conducting its own hacking activities."

・Continued
Microsoft's consumer signature key is stolen by a Chinese hacker group, affecting all Microsoft cloud services - GIGAZINE



in Security, Posted by log1i_yk