Microsoft has reported that Chinese hackers hacked the email accounts of approximately 25 organizations, including US government agencies. According to Microsoft experts and officials, these organizations were targeted in a suspected cyber-espionage effort aiming at accessing sensitive data in computer networks.
The news comes just weeks after Beijing dismissed claims of Chinese hackers targeting US firms as “far-fetched and unprofessional.”
According to a Microsoft blog post, a China-based actor identified as Storm-0558 breached 25 organizational accounts as well as consumer accounts associated to these organizations.
According to Microsoft’s breach report, Storm-0558’s primary goals are espionage, data theft, and credential access. The actor typically targets Western European government entities.
According to the article, the hackers took advantage of a security flaw in their cloud computing infrastructure, which has subsequently been patched. The hackers gained access to accounts that used Microsoft’s Outlook email service, forging authentication credentials and impersonating users.
Based on the attack’s complexity and specificity, it seems likely that the Chinese hacking organization was associated with or working for Beijing’s intelligence service. In a recent blog post, Microsoft’s senior vice president, Charlie Bell, claimed that this adversary’s principal goal is espionage, specifically acquiring access to email systems for intelligence gathering purposes.
On June 16, Microsoft was first notified of an intrusion and breach. According to the company’s blog post, a Chinese hacker organization obtained access to email accounts on May 15, a month previously. However, Microsoft has not stated the number of accounts that may have been compromised by these hackers.
“We have been working with the impacted customers and notifying them prior to going public with further details,” Microsoft wrote in a blog post. According to a source familiar with the incident, US government officials have requested more information from the corporation about the vulnerability and its cause.
Check out TechOnTips.com for the most recent news, tech news, breaking news headlines, and live updates.