Chinese hackers attack Microsoft cloud, affecting U.S. government email accounts | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Chinese cyberspies exploited a significant gap in Microsoft’s cloud enabling them to hack a limited number of unclassified U.S. email accounts — a gap officials said was discovered by the U.S. government.

The security issue was discovered last month after U.S. officials found intrusions into the unclassified systems.

“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” White House National Security Council spokesman Adam Hodges said. “We continue to hold the procurement providers of the U.S. government to a high security threshold.”

U.S. accuses China of hacking Microsoft and condoning other cyber attacks

Microsoft late Tuesday disclosed that it had mitigated an attack by “a China-based threat actor” that primarily targets government agencies in Western Europe and focuses on espionage and data theft.

The tech giant said it began an investigation after being notified in mid-June. The probe revealed that the hackers, whom Microsoft is calling Storm-0558, gained access to email accounts affecting about 25 organizations, including government agencies.

They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key, according to a blog written by Charlie Bell, Microsoft security executive vice president.

Microsoft says Russia hacked its network

Microsoft has completed mitigation of this attack for all customers, he added in the blog.

This story is breaking and will be updated.

Chinese hackers attack Microsoft cloud, affecting U.S. government email accounts | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Related

PRODUCTS & SERVICES