Hackers infiltrated US government emails via Microsoft vulnerability

Sayem Ahmed

According to blog posts from Microsoft, a vulnerability allowed Chinese hackers to access the email accounts of US government officials for a whole month without being detected.

Chinese hacking group Storm-0588 successfully exploited Microsoft’s web email services, allowing them to hack 25 organizations, including the US government. The issue was revealed by the White House, which informed Microsoft of the vulnerability, as reported by the Washington Post.

“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” National Security Council spokesperson Adam Hodges stated to the paper.

An FBI investigation is currently underway, though it appears that military, Pentagon, and intelligence-related accounts were not affected by the hack.

In a blog post, Microsoft revealed how the hackers infiltrated its cloud networks.

The hackers went under the radar for a month


Microsoft revealed that Outlook Web Access accounts were the attack vector chosen by Storm-0588. The group found a way to forge authentication tokens, which gave them access to users' email accounts.

Microsoft has now mitigated the issue, preventing further cyberattacks through this vector. The attacks are reported to have begun on May 15 and went completely undetected until June 16. This could have allowed the hacking group to scrape and observe all kinds of information from the breached accounts.

Microsoft has now contacted all those affected by the hack and has promised to improve its defenses against this kind of attack in the future. Aside from the US Government, the other companies targeted by the attack have not been revealed at the time of writing.

Microsoft claims in its blog post: “The accountability starts right here at Microsoft. We remain steadfast in our commitment to keep our customers safe. We are continually self-evaluating, learning from incidents, and hardening our identity/access platforms to manage evolving risks around keys and tokens.”

Hackers continue to be a thorn in the side of many businesses. In June, over 100,000 ChatGPT accounts were hacked and hijacked.


About The Author

Dexerto's Hardware Editor. Sayem is an expert in all things Nvidia, AMD, Intel, and PC components. He has 10 years of experience, having written for the likes of Eurogamer, IGN, Trusted Reviews, Kotaku, and many more. Get in touch via email at sayem.ahmed@dexerto.com.