Hackers infiltrated US government emails via Microsoft vulnerability
According to blog posts from Microsoft, a vulnerability allowed Chinese hackers to gain access to US government officials for a whole month without being detected.
Chinese hacking group Storm-0588 successfully exploited Microsoft’s web email services, allowing them to hack 25 organizations, including the US government. The issue was revealed by the White House, which informed Microsoft of the vulnerability, as reported by the Washington Post.
“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” National Security Council spokesperson Adam Hodges stated to the paper.
An FBI investigation is currently underway, though it seems as though Military, Pentagon, and intelligence-related accounts were not affected by the hack.
Microsoft revealed how the hackers infiltrated their cloud networks, in a blog post.
The hackers went under the radar for a month
Outlook Web Access accounts were revealed by Microsoft to be the attack vector that hackers Storm-0588 chose. The group found a way to forge authentication tokens, which allowed them access to user email addresses.
Microsoft has now mitigated the issue, preventing further cyberattacks through this vector. The attacks are reported to have begun on May 15, and completely undetected until June 16. This could have allowed the hacking group to scrape and observe all kinds of information from the breached accounts.
Microsoft has now contacted all those affected by the hack and has promised to improve its defenses against this kind of attack in the future. Aside from the US Government, the other companies targeted by the attack have not been revealed at the time of writing.
Microsoft claims in its blog post: “The accountability starts right here at Microsoft. We remain steadfast in our commitment to keep our customers safe. We are continually self-evaluating, learning from incidents, and hardening our identity/access platforms to manage evolving risks around keys and tokens.”
Hackers continue to be a thorn in the side of many businesses. In June, over 100,000 ChatGPT accounts were hacked and hijacked.