Chinese Hackers Breach Government Email Accounts: Unveiling Espionage Intentions

Chinese hackers have accessed the email accounts of various governmental organizations, according to Microsoft. Systems that were not classified were compromised.

A Chinese actor, Storm-0558, which Microsoft is tracking, gained access to email accounts affecting about 25 organizations. According to the company, these include government organizations and related consumer accounts of people who are probably connected to the organizations.

The company said in a statement that it believes the adversary is interested in espionage, "such as gaining access to email systems for intelligence collection."

The attackers forged authentication tokens with a Microsoft account consumer signing key that they had obtained, then used those tokens to access user email. According to the company, Western European government agencies were the main targets.

In order to harden defenses and customer environments, Microsoft claims to have finished mitigation measures for all customers and added significant automated detections for known indicators of compromise related to this attack.

However, the US government, not the company, found yet another vulnerability in Microsoft's cloud security that allowed Chinese cyberspies to carry out more precise hacks. The problem was found last month.

National Security Council spokesman Adam Hodges told The Washington Post that "officials immediately contacted Microsoft to find the source and vulnerability in their cloud service." He added, "We still have a high security threshold for the US government's procurement providers."

Even though it is believed that only a small number of email accounts are at risk, the Federal Bureau of Investigation is still investigating the situation. There has been no impact on accounts at the Pentagon, in the intelligence community, or in the armed forces.

Microsoft has had vulnerabilities in its products and services before. In 2020, Russian hackers breached US government email accounts using SolarWinds software, a product of a Texas company. The threat actors then took advantage of holes in Microsoft's user authentication system.

Microsoft does have a problem, according to a recent move by the US Cybersecurity and Infrastructure Security Agency. Four of the five new vulnerabilities that the agency has added to its list of known exploited vulnerabilities concern Microsoft products.

© 2024 Wayne Dupree