How this US government email hacking ‘incident’ can be a concern for Microsoft

Microsoft has discovered a new “China-based threat actor” named Storm-0558. In a recent blog post, the software giant revealed that the espionage group has stolen a key. This key allowed attackers to break into email inboxes including ones belonging to several US government agencies. The company said that is currently investigating how the hackers obtained a Microsoft signing key which the hackers abused to forge authentication tokens to access the email accounts. The targets reportedly include US Commerce Secretary Gina Raimondo, US State Department officials and other organisations that weren’t publicly revealed. According to a report by TechCrunch, the US government has not publicly acknowledged the hacks. However, China’s top foreign ministry spokesperson has reportedly denied the allegations.

How hackers used Microsoft’s Key
Microsoft said the hackers acquired one of its consumer signing keys or MSA key. This key helps the company secure consumer email accounts, like Outlook.com. Microsoft found that the hackers were using that consumer MSA key to forge tokens that allowed them to break into enterprise inboxes. The company noted that this was because of a “validation error in Microsoft code.” The company said that it has blocked “all actor activity” related to this incident and hackers have lost access.

As the hackers used the same key to access several inboxes, this allowed investigators “to see all actor access requests which followed this pattern across both our enterprise and consumer systems,” Microsoft added.

How this incident can be a concern for Microsoft
US cybersecurity agency CISA said the hacks, which began in mid-May, included a small number of government accounts. The hackers were able to steal some unclassified email data.

Earlier, China tried to individually hack into Microsoft-powered email servers to steal corporate data. However, the latest group went directly to the source by targeting new and undisclosed vulnerabilities in Microsoft’s cloud.

The company now faces scrutiny for this incident which has been deemed to be the biggest breach of unclassified US government data since the Russian espionage campaign that hacked SolarWinds in 2020.

Microsoft also reportedly didn’t offer every government department the same level of security logging that was available to departments with higher-paid tier accounts. A consultancy firm for the company’s customers has claimed that the lower government tier offers some logging, but “does not keep track of specific mailbox data which would have revealed the attack.”

FacebookTwitterLinkedin

end of article

Microsoft has discovered a new “China-based threat actor” named Storm-0558. In a recent blog post, the software giant revealed that the espionage group has stolen a key. This key allowed attackers to break into email inboxes including ones belonging to several US government agencies. The company said that is currently investigating how the hackers obtained a Microsoft signing key which the hackers abused to forge authentication tokens to access the email accounts. The targets reportedly include US Commerce Secretary Gina Raimondo, US State Department officials and other organisations that weren’t publicly revealed. According to a report by TechCrunch, the US government has not publicly acknowledged the hacks. However, China’s top foreign ministry spokesperson has reportedly denied the allegations.

How hackers used Microsoft’s Key
Microsoft said the hackers acquired one of its consumer signing keys or MSA key. This key helps the company secure consumer email accounts, like Outlook.com. Microsoft found that the hackers were using that consumer MSA key to forge tokens that allowed them to break into enterprise inboxes. The company noted that this was because of a “validation error in Microsoft code.” The company said that it has blocked “all actor activity” related to this incident and hackers have lost access.

As the hackers used the same key to access several inboxes, this allowed investigators “to see all actor access requests which followed this pattern across both our enterprise and consumer systems,” Microsoft added.

How this incident can be a concern for Microsoft
US cybersecurity agency CISA said the hacks, which began in mid-May, included a small number of government accounts. The hackers were able to steal some unclassified email data.

Earlier, China tried to individually hack into Microsoft-powered email servers to steal corporate data. However, the latest group went directly to the source by targeting new and undisclosed vulnerabilities in Microsoft’s cloud.

The company now faces scrutiny for this incident which has been deemed to be the biggest breach of unclassified US government data since the Russian espionage campaign that hacked SolarWinds in 2020.

Microsoft also reportedly didn’t offer every government department the same level of security logging that was available to departments with higher-paid tier accounts. A consultancy firm for the company’s customers has claimed that the lower government tier offers some logging, but “does not keep track of specific mailbox data which would have revealed the attack.”

FacebookTwitterLinkedin

end of article