
China-Linked Hackers Broke Into US Government Agency Emails: REPORT

Jake Smith Contributor

A China-linked hacking group successfully breached protected email accounts of organizations worldwide, including the U.S. State Department, according to Microsoft and U.S. officials.

Microsoft said that it was able to mitigate a months-long cyber attack that affected over two dozen organizations worldwide, according to a statement released by the company on Tuesday. Experts and government officials fear the attack is part of a larger espionage campaign by China to acquire sensitive information from government intelligence agencies across the globe, The Wall Street Journal reported.

Microsoft confirmed that the cyber attack was initiated in May, just weeks before Secretary of State Antony Blinken traveled to Beijing with the goal of reestablishing better communication between the U.S. and China. The attack was detected weeks later in June after reports of strange activity on State Department email accounts. Since the discovery, Microsoft and the State Department have been scrambling to mitigate the attack.

One senior State Department official, speaking anonymously to the New York Times, said the hack did not “initially appear” to be related to Blinken’s trip.

“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” said Adam Hodge, spokesman for the White House National Security Council. “We continue to hold the procurement providers of the U.S. government to a high-security threshold.”

The full scope of the attack and the specific organizations affected have yet to be determined, according to the WSJ.

The hacking group, called Storm-0558, took advantage of a security weakness in Microsoft’s Outlook servers by forging authentication tokens needed to access email accounts, according to the company. Microsoft said it has now “completed mitigation of this attack for all customers.”

“We added substantial automated detections for known indicators of compromise associated with this attack to harden defenses and customer environments, and we have found no evidence of further access,” said Charlie Bell, Executive Vice President of Microsoft. “We are continually self-evaluating, learning from incidents, and hardening our identity/access platforms to manage evolving risks around keys and tokens.”

China has routinely denied any involvement in hacking efforts against the U.S., despite numerous instances of cyber attacks with the goal of stealing sensitive information and disrupting communication networks. In May, Microsoft discovered a separate cyber attack led by Chinese-sponsored hacking group Volt Typhoon that gained access to infrastructure organizations in the U.S., according to Microsoft.

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.