Microsoft claims hackers have breached government emails

Microsoft releases information about hacker group Storm-0558 breaching email accounts of 25 high profile organisations, adding to increased cyber concerns

Microsoft has released information to suggest that a group of hackers have gained access to email accounts affecting approximately 25 organisations, including government agencies.

The company has published these details of activity by threat actor Storm-0558 which is believed to be China-based. In addition to implicating companies, the hackers are also believed to have access accounts of individuals likely associated with these organisations.

Motivated threat actors continue to focus on compromising IT systems, as the rate of global cyber attacks increase. Not only is this a threat to business, but also to political and government organisations whose data could be leaked.

Forged authentication threatens cyber operations

The investigation conducted by Microsoft has determined that Storm-0558 gained access to customer email accounts by using Outlook Web Access in Exchange Online (OWA) and Outlook.com by managing to forge authentication tokens to access user emails.

Microsoft has been working with impacted customers and notifying them prior to going public with this information. At this stage, the company has said that they hope to share details of the incident and threat actor to benefit cybersecurity within the industry. 

The company has claimed that this hack was focused on gaining access to these systems for intelligence collection and apparently gain access to sensitive data.

In a recent blog post, Microsoft stated that the group that it has identified as Storm-0558 was able to remain undetected for a month after gaining access to email data from around 25 organisations in mid-May. The software company only discovered the breach following an investigation in mid-June, after being alerted by customer reports about abnormal mail activity.

Microsoft has now confirmed that the actor activities have now been blocked. It mitigated this via blocking the usage of tokens in OWA to prevent further mail activity, as well as replacing the relevant MSA key. The company states that it is working to continuously improve the security of the MSA key management systems to ensure the safety and security of consumer keys.

Microsoft and other tech leaders in the industry have called for transparency concerning cyber incidents so that cybersecurity can continue to improve. The increased sophistication and volume of cyber attacks cannot be overlooked and tech organisations are seeing a greater need to share information in order to better protect cyber systems.

The consequences of the MOVEit ransomware attack for example highlight how back door cyberattacks on critical areas of business have potential to permanently impact organisations to the point of closure.

Share

Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI