Hackers accessed US gov Exchange Online email accounts

Chinese state-linked hackers since May have secretly accessed email accounts at around 25 organisations, including US government accounts, in a stealthy cyberespionage campaign, Microsoft and US officials said.

The United States detected a breach of federal government accounts “fairly rapidly” and managed to prevent further breaches, White House national security adviser Jake Sullivan said in an interview with ABC’s “Good Morning America” program.

The US State Department was one of the affected government agencies, according to a person familiar with the investigation who spoke on condition of anonymity.

The hacking group, which Microsoft dubbed Storm-0558, forged digital authentication tokens to access webmail accounts running on the firm’s Outlook service, the company said in a statement.

The activity began in May, Microsoft said.

“As with any observed nation-state actor activity, Microsoft has contacted all targeted or compromised organisations directly via their tenant admins and provided them with important information to help them investigate and respond,” the company added.

Microsoft did not say which organisations or governments had been affected, but added that the hacking group involved primarily targets entities in Western Europe.

White House National Security Council spokesman Adam Hodge said an intrusion in Microsoft’s cloud security “affected unclassified systems,” without elaborating.

“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” Hodge added.

The State Department “detected anomalous activity” and “took immediate steps to secure our systems,” a department spokesperson said in a statement.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have since issued a joint advisory “to provide guidance to critical infrastructure organisations on enhancing monitoring of Microsoft Exchange Online environments.”

The advisory states that both basic and “premium” logging – which requires specific licensing – should be enabled, and that the logs should be easily searchable.

It appears CISA is also working with Microsoft to make the currently premium logs freely available to customers.
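The advisory's three asks, confirm basic mailbox auditing is on, confirm the premium mailbox-access log is populated, and keep the result searchable, can be checked from the Exchange Online admin shell. The script below is an added example written for this page; it is not code from the article, from CISA/FBI, or from Microsoft. It assumes the ExchangeOnlineManagement module and a role allowed to run Search-UnifiedAuditLog; that the "premium" log the advisory refers to is the MailItemsAccessed event in the unified audit log (the article does not name it); and that the `$KnownClients` list, which is a placeholder, reflects the clients your tenant expects. Field names read out of `AuditData` follow Microsoft's published schema and should be verified against a record from your own tenant.

```powershell
# Added example: audit-logging check and mailbox-access summary for Exchange Online.
# Not the advisory's or Microsoft's code. Requires ExchangeOnlineManagement and an
# admin role permitted to run Search-UnifiedAuditLog.
#Requires -Modules ExchangeOnlineManagement
param(
    [int]$Days = 7,
    # Assumption: client strings your organisation expects; anything else is flagged.
    [string[]]$KnownClients = @('Client=OWA', 'Client=REST;Client=RESTSystem', 'Client=Outlook')
)

Connect-ExchangeOnline -ShowBanner:$false

# 1. Basic logging: the tenant-wide audit switch and per-mailbox auditing.
$org = Get-OrganizationConfig
if ($org.AuditDisabled) {
    Write-Warning 'Mailbox auditing is disabled tenant-wide; enabling it.'
    Set-OrganizationConfig -AuditDisabled $false
}
$unaudited = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Where-Object { -not $_.AuditEnabled }
foreach ($mbx in $unaudited) {
    Write-Warning "Enabling mailbox auditing on $($mbx.UserPrincipalName)"
    Set-Mailbox -Identity $mbx.Identity -AuditEnabled $true
}

# 2. Premium logging: MailItemsAccessed records which messages were read or synced,
#    by which client string and from which IP. Assumed to be the licensed log the
#    advisory describes; it is empty unless the tenant's licensing enables it.
$end       = Get-Date
$start     = $end.AddDays(-$Days)
$sessionId = "mailitems-$([guid]::NewGuid())"
$records   = @()
do {
    $page = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType ExchangeItemAggregated -Operations MailItemsAccessed `
        -SessionId $sessionId -SessionCommand ReturnLargeSet -ResultSize 5000
    $records += $page
} while ($page.Count -eq 5000)   # keep paging until a short page comes back

if (-not $records) {
    Write-Warning 'No MailItemsAccessed events: the premium log is not enabled, or there was no activity.'
}

# 3. Searchable output: flatten the AuditData JSON into one row per access, write it
#    to CSV, and summarise by actor, source IP and client so an unexpected client
#    (for example a token used from an unfamiliar IP) stands out.
$rows = foreach ($r in $records) {
    $d = $r.AuditData | ConvertFrom-Json
    $accessType = ($d.OperationProperties | Where-Object Name -eq 'MailAccessType').Value
    [pscustomobject]@{
        Time       = $r.CreationDate
        Mailbox    = $d.MailboxOwnerUPN
        Actor      = $d.UserId
        ClientIP   = $d.ClientIPAddress
        Client     = $d.ClientInfoString
        AccessType = $accessType                      # Bind (single read) or Sync
        Folders    = ($d.Folders.Path -join ';')
        Suspicious = -not ($KnownClients | Where-Object { $d.ClientInfoString -like "$($_)*" })
    }
}

$rows | Export-Csv -NoTypeInformation -Path "mailitemsaccessed-$($start.ToString('yyyyMMdd')).csv"

$rows | Group-Object Actor, ClientIP, Client |
    Select-Object Count, Name, @{ n = 'Suspicious'; e = { $_.Group[0].Suspicious } } |
    Sort-Object Suspicious, Count -Descending |
    Format-Table -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

Run it as `.\Check-ExoAudit.ps1 -Days 30` after the advisory's window of interest; an empty MailItemsAccessed result on a tenant with normal mail traffic is itself a finding, since it means the premium log is not being produced and the access pattern the article describes would leave no record.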

Private sector cyber security experts have said newly discovered hacking activity shows how Chinese groups are improving their cyber capabilities.

“Chinese cyber espionage has come a long way from the smash-and-grab tactics many of us are familiar with,” said John Hultquist, chief analyst for Mandiant.

China’s embassy in London called the accusation “disinformation” and called the US government “the world’s biggest hacking empire and global cyber thief.”

China routinely denies involvement in hacking operations regardless of the available evidence or context.

With additional reporting by iTnews.

