Microsoft has revealed that a group of hackers based in China has successfully breached the email accounts of approximately 25 organizations, including government agencies. Although Microsoft has not disclosed the specific locations of the affected government agencies, the US Department of Commerce confirmed that it was notified about the attack. According to reports, the breach affected a number of people, including Secretary of Commerce Gina Raimondo.
According to Microsoft, the hacking group, known as Storm-0558, gained access to the email accounts by forging digital authentication tokens used for verifying identities within the Office 365 system. The group primarily targets “Western European” government entities and focuses on spying, data theft, and credential access. Microsoft asserts that the attack has been mitigated and that it has already alerted the impacted users; the breaches are reported to have started in May. The company stated that it has implemented enhanced automated detection mechanisms to identify known indicators of compromise associated with this particular attack.
In addition to those government agencies, the US State Department is reported to have been targeted by the hackers. However, the department did not immediately respond to requests for comment from the media. The Chinese embassy in London dismissed the accusations as “disinformation,” alleging that the US government is the “world’s biggest hacking empire and global cyber thief.”
This incident follows a previous cyber espionage campaign in which Chinese hackers deployed stealthy malware to attack critical infrastructure on American military bases in Guam. The targeted military outpost and its ports and air bases are strategically important in the event of a conflict in Asia. Beijing criticised the Microsoft research, calling it “highly unethical” and disinformation. Disregarding the available information and context, China has consistently rejected any involvement in hacking activities.
Microsoft has taken measures to address the breach and improve its detection capabilities. The incident highlights the ongoing cybersecurity challenges posed by state-sponsored hacking groups and the need for organizations to remain vigilant in protecting their systems and data.