According to the company, they had access to the accounts for about 1 month; invasion is being seen as a spy campaign
Hackers based in China breached the email accounts of more than two dozen organizations, including US government agencies. The information was released on Tuesday (July 11, 2023) by Microsoft.
The hack is being seen as part of an espionage campaign that may have compromised classified US government information. The scope and severity of the incident is still unknown – as well as which institutions and individuals were victims of the hack.
“Last month, US government safeguards identified a breach into Microsoft’s cloud security that affected unclassified systems. Authorities immediately contacted Microsoft to find the source and vulnerability in its cloud service.,” Adam Hodge, spokesman for the White House National Security Council, told the newspaper. Wall Street Journal.
Em announcementMicrosoft stated that the hackers hacked the e-mails of around 25 organizations and reached consumer accounts that were probably linked to these entities.
They gained access to victims’ email in mid-May and operated for over a month, until June 16, when Microsoft launched the investigation. According to the company, the hackers used tokens spoofed authentication keys to log into accounts. The flaw, the company said, has been mitigated.
“The threat agent that Microsoft links to this incident is a China-based adversary that Microsoft calls Storm-0558. We assess that this adversary is focused on espionage, such as gaining access to email systems for intelligence gathering.”, reads in the company publication.