Topline
Chinese hackers gained access to the email accounts of around 25 organizations, including U.S. government agencies, Microsoft revealed late Tuesday. The incident comes three years after the SolarWinds hack, in which Russian hackers gained access to federal government systems.
Key Facts
In a blog post, Microsoft said “a China-based actor” known as Storm-0558 carried out the breach.
In a report on the breach, Microsoft said Storm-0558’s main focus is on “espionage, data theft, and credential access” and it primarily targets “government agencies in Western Europe.”
The hackers used forged authentication tokens, which allowed them to impersonate a user, to gain access to accounts on Microsoft’s Outlook mail service.
According to the Washington Post, “unclassified U.S. email accounts” were impacted by this breach, although the number of affected accounts is limited.
Microsoft said it began investigating the issue on June 16 “based on customer-reported information” and found that the hackers had gained access to the emails a month earlier.
The customer in question appears to be the U.S. government, which “contacted Microsoft to find the source and vulnerability in their cloud service,” a White House National Security Council spokesperson told the Post.
Crucial Quote
“The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558. We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Microsoft said in its blog post.