Microsoft announced earlier this week that it had found a group of Chinese hackers who had broken into some of its customers’ email systems in order to gather intelligence. According to fresh claims, US Commerce Department Secretary Gina Raimondo was among the senior US officials whose emails were hacked. In addition to the Commerce Department, several victims have confirmed being affected, including personnel from the State Department and the US House of Representatives. The incursion activity began in May and lasted around a month.
The United States has strongly condemned the incident. In a meeting in Jakarta, Secretary of State Antony Blinken reportedly told China’s top diplomat Wang Yi that any action targeting the US government, US companies, or American citizens “is of deep concern to us, and that we will take appropriate action to hold those responsible accountable,” according to another source, a senior state department official.
According to Microsoft, a stealthy Chinese hacking operation used a secret hole in a portion of the company’s authentication software to secretly enter into email accounts belonging to 25 undisclosed organizations.
According to reports, Microsoft informed the agency of “a compromise to Microsoft’s Office 365 system, and the department took immediate action to respond.” In addition, the US inspector general’s office issued a report in March criticizing the Commerce Department’s “fundamental deficiencies” in its cybersecurity incident response program, claiming that it violated security protocols, did not properly use cyber-protection tools, and handled simulated cyberattacks poorly.
What China said
In a statement to Reuters, China’s Ministry of Foreign Affairs labelled the claims “disinformation.”
Mode of operation
Microsoft discovered that APT actors accessed and exfiltrated unclassified Exchange Online Outlook data from a small number of accounts. The APT actors impersonated consumer and enterprise users by forging tokens using a Microsoft account (MSA) consumer key. Microsoft fixed the problem by first blocking tokens issued with the acquired key and then replacing the key to prevent further misuse.
Check out TechOnTips.com for the most recent news, tech news, breaking news headlines, and live updates.
