Published 16:12 IST, July 12th 2023
Chinese hackers breached government mail, says Microsoft
Microsoft said that it had successfully blocked the thread actor Storm-0558 from accessing customer emails with the help of forged authentication tokens.
Advertisement
Tech giant Microsoft claimed that the hackers in China targeted government agencies in Western Europe and focused on data theft, espionage and credential access. The information was disclosed by a Microsoft blog on Tuesday. The blog stated that the company mitigated an attack by a China-based threat actor 'Storm-0558' that targeted customer emails. A threat actor is a malicious factor that is intended to harm the cyber space which includes computers, devices, systems or networks.
Chinese hacker's intent was on collecting intelligence on the United States gained access to government email accounts, Microsoft disclosed on Tuesday night, the New York Times reported.
What did Microsoft reveal?
Storm-0558 as tracked by Microsoft primarily targets government agencies in western Europe, thereby stealing data and credential access. Further, Microsoft reveals that the investigation began based on a customer report last month. Microsoft started investigating anomalous mail activity and within weeks, it was found that Storm-0558 started accessing email accounts in the month of May and affected approximately 25 organisations that include government agencies and other customer accounts associated.
These activities were conducted by forged authentication tokens to access email with the help of an acquired Microsoft account consumer signing key. Microsoft claims that it has completed mitigation of attacks and thereby reduced the impact it could have on customers.
Microsoft said that it had successfully blocked the thread actor Storm-0558 from accessing customer emails with the help of forged authentication tokens. Further, it called all targeted organisations and provided all the important information to help them investigate and respond.
"We assess that this adversary is focused on espionage, such as gaining access to email systems for intelligence collection. This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems," said Charlie Bell - Executive Vice President, Microsoft Security.
Meanwhile, the company is also partnering with US agencies, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency to protect affected customers and address the issues and continues to monitor the Storm-0558 activity.
16:12 IST, July 12th 2023