(Bloomberg) — Hackers breached a series of email accounts linked to government agencies in the US and Western Europe, according to government officials and Microsoft Corp., which described the attackers as being based in China.
Last month, a US civilian executive branch agency identified suspicious activity in its Microsoft 365 cloud environment, around the accessing of mailboxes. Microsoft was alerted, and a subsequent investigation determined that hackers “accessed and exfiltrated unclassified Exchange Online Outlook data from a small number of accounts,” according to a statement from the US Cybersecurity and Infrastructure Security Agency, known as CISA.
In an interview with ABC News Wednesday morning, National Security Advisor Jake Sullivan said, “We detected it fairly rapidly, and we were able to prevent further breaches. The matter is still being investigated.”
Adam Hodge, a spokesperson for the National Security Council, said, “We continue to hold the procurement providers of the US government to a high security threshold.”
In a blog post published Tuesday night, Microsoft said the group that it identified as Storm-0558 was able to remain undetected for a month after gaining access to email data from around 25 organizations in mid-May. The software company said it discovered the breach following an investigation in mid-June, after being alerted by a customer.
“We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Charlie Bell, an executive vice president at Microsoft, wrote in another post.
A spokesperson for the US State Department said the agency detected anomalous activity and took immediate steps to secure its systems. Further details about the incident weren’t immediately available, nor were names of other US agencies that were impacted.
It also wasn’t clear which European governments were affected. Italian cybersecurity officials said they were in contact with Microsoft “in order to identify potential Italian subjects involved in the latest attacks.”
Storm-0558 carried out the attack by forging the authentication tokens needed to access user email accounts, he added. Microsoft has since notified the affected customers and completed the relevant mitigation efforts, the company said.
The disclosure comes not long after Microsoft co-founder Bill Gates met Chinese President Xi Jinping in Beijing. The two talked primarily about cooperation around Gates’ philanthropic efforts to prevent and eradicate communicable diseases.
Asked about the findings, China’s foreign ministry spokesman Wang Wenbin said at a regular briefing on Wednesday that the US National Security Council was the source of the hacking claims and accused the US of being the world’s largest source of hacking.
This is the latest discovery of a China-based threat actor conducting cyberattacks seeking sensitive information. In May, Microsoft said that a Chinese state-sponsored hacking group known as Volt Typhoon had gained access to infrastructure organizations in Guam and elsewhere in the US, with the likely goal of disrupting critical communications.
–With assistance from James Mayger, Justin Sink, Iain Marlow and Flavia Rotondi.
(Updates with comment from State Department in seventh paragraph and Italian officials in eighth paragraph.)
©2023 Bloomberg L.P.