(844) 627-8267
(844) 627-8267

State Department says Chinese hackers targeted emails through Microsoft breach | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

A State Department spokesperson, who was not authorized to talk on the record on this issue, later confirmed the department was hit.

Details: The spokesperson said the department “detected anomalous activity, took immediate steps to secure our systems, and will continue to closely monitor and quickly respond to any further activity.” But they declined to give further details of the response, citing cybersecurity policy, and said the incident remains under investigation, adding: “We continuously monitor our networks and update our security procedures.”

CISA and the FBI said the attackers pierced systems at State and about two dozen other global organizations by using forged authentication tokens in a breach first made public by Microsoft on Tuesday night. The Microsoft investigators identified the infiltrators as Storm-0558, a group that primarily uses espionage, credential access and data theft to target government agencies in Western Europe.

“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems,” White House National Security Council spokesperson Adam Hodge said in a statement Wednesday. “Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service. We continue to hold the procurement providers of the U.S. Government to a high security threshold.”

There were no classified systems or data impacted by the campaign, senior officials at the FBI and CISA said in a briefing to reporters, adding that the number of U.S.-based organizations impacted was in the single digits. However, the officials made clear they were applying pressure on Microsoft to provide more log data at no cost — including the premium feature that was needed to detect the attack.

“It bears noting that a preponderance of organizations using Microsoft 365 or other widely used technology platforms are not paying for premium logging or other telemetry services,” said one senior CISA official, who like the others spoke anonymously as a condition of the briefing to reporters. “And we believe that model is not yielding the sort of security outcomes that we have.”

China responds: Wang Wenbin, the spokesperson for China’s Ministry of Foreign Affairs, did not deny the breach when asked about it during a press conference in Beijing on Wednesday, but accused the U.S. of being “the world’s biggest hacking empire and global cyber thief.”

“Since last year, cybersecurity institutions from China and elsewhere in the world have issued reports to reveal U.S. government’s cyberattacks against China over the years, but the U.S. has yet to make a response,” Wang said. “It is high time that the U.S. explained its cyberattack activities and stopped spreading disinformation to deflect public attention.”

The cyberattack also came to light just ahead of Lt. Gen. Timothy Haugh’s long-awaited nomination hearing Wednesday to lead the National Security Agency and U.S. Cyber Command, though the incident was not a major topic of the session. Haugh did, however, commend government agencies, foreign partners and industry for producing “very clear, unclassified, releasable advisories” on how China targets U.S. infrastructure while speaking to the Senate Intelligence Committee.

Congressional reaction: Senate Intel Committee Chair Mark Warner (D-Va.) said in a statement Wednesday that his committee is “closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence.”

“It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies,” Warner said. “Close coordination between the U.S. government and the private sector will be critical to countering this threat.”

House cyber subcommittee Chair Andrew Garbarino (R-N.Y) also said his panel “is in contact with CISA as we continue to uncover more details about China’s latest attack on our federal government.”

Pattern of attacks: The breach is the latest to hit federal agencies in recent years. Most recently, Russian cybercriminals exploited the file transfer system MOVEit last month in an apparent attempt to steal data from U.S. government agencies and dozens of other groups around the world. The Department of Energy was one of the agencies reportedly impacted by this breach. A spokesperson for DOE did not respond to a request for comment on whether the agency was impacted by the new attack on Microsoft systems.


Click Here For The Original Story From This Source.

National Cyber Security