Storm-0558 Group Hacks Mailboxes of 25 Organizations
On June 16, 2023, Microsoft began investigating reports of unusual email activity from a number of customers. It was found that since May 15, 2023, the Storm-0558 group had gained access to Outlook accounts belonging to approximately 25 organizations, as well as some user accounts that were likely associated with these organizations. The names of the affected organizations and state institutions have not been disclosed.
How Did the Attackers Gain Access?
The attackers used authentication tokens forged with a stolen MSA (Microsoft account) consumer signing key. Microsoft’s investigation determined that Storm-0558 accessed customer email accounts in Outlook Web Access (OWA) in Exchange Online and in Outlook.com by forging mail access authentication tokens. The attackers used the MSA key they had obtained to forge the tokens that granted them access to OWA and Outlook.com.
What Steps Has Microsoft Taken to Fix the Problem?
Microsoft has reportedly already taken steps to fix the problem, including blocking the use of tokens signed with the compromised key and replacing the key itself. All affected customers received notifications about the incident, as well as “information necessary to respond to the incident.”
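To illustrate the remediation described above (stop honouring tokens signed with a compromised key, then issue under a replacement key), here is an added example that is not Microsoft’s code and does not model its real token format. It assumes hypothetical key ids and uses an HMAC secret in place of the asymmetric signing key so that it runs with the Python standard library alone.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key set (hypothetical ids and secrets): "key-2023-05" is
# the key later found to be compromised, "key-2023-07" is its replacement.
KEYS = {"key-2023-05": b"old-secret", "key-2023-07": b"new-secret"}
REVOKED = set()  # key ids the verifier must no longer accept


def _b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64u(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_token(claims: dict, kid: str) -> str:
    """Issue a compact header.payload.signature token under key `kid`."""
    header = _b64u(json.dumps({"alg": "HS256", "kid": kid}).encode())
    payload = _b64u(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid], f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64u(sig)}"


def revoke_key(kid: str) -> None:
    """Incident-response step: refuse anything signed with a compromised key,
    even though such signatures still verify cryptographically."""
    REVOKED.add(kid)


def verify_token(token: str, audience: str, now=None) -> tuple:
    """Return (accepted, reason). Revocation is checked before the signature,
    so a token forged with the stolen key is rejected outright."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_unb64u(h))
        claims = json.loads(_unb64u(p))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return False, "malformed"
    kid = header.get("kid")
    if kid in REVOKED:
        return False, "signed with revoked key"
    if kid not in KEYS:
        return False, "unknown key id"
    expected = hmac.new(KEYS[kid], f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64u(s)):
        return False, "bad signature"
    if claims.get("aud") != audience:
        return False, "wrong audience"
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return False, "expired"
    return True, "ok"
```

The same revocation check is what blocks a still-valid-looking forged token once the key is known to be stolen; rotating to the new key id keeps legitimate issuance working.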
According to CNN, Microsoft was alerted to the issue by US government officials who had discovered unauthorized access to Microsoft’s cloud-based email services. According to White House National Security Council spokesman Adam Hodge, the attacks only affected “unclassified systems,” but an investigation into what data was stolen is still ongoing.