Microsoft Security has exposed a massive cyberattack by a Chinese group that hacked into the email accounts of dozens of U.S. government agencies and other organizations. The tech giant named the group Storm-0558 and said it was acting on behalf of the Chinese government to spy on its targets.
In a blog post, Microsoft said that the hackers exploited a flaw in its email security service to access the email accounts of about 25 organizations, including government agencies, think tanks, law firms, and NGOs. The hackers also targeted the personal accounts of some individuals associated with these organizations.
“The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558. We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection. This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems.”
Microsoft said that it has been working closely with the affected customers to notify them and help them secure their systems. It also released a patch to fix the vulnerability and urged all its customers to apply it as soon as possible. Chinese officials have denied any involvement in these attacks and have accused U.S. cybersecurity firms of fabricating evidence and colluding with the U.S. government to slander China.
Timeline of Events
- May 2023: Chinese hackers begin targeting email accounts of organizations in the defense, energy, and financial sectors.
- June 2023: Microsoft discovers the attack and begins notifying the affected organizations.
- July 12, 2023: Microsoft publishes a security advisory about the attack.
The latest revelation by Microsoft Security highlights the growing cyberthreats posed by nation-state actors and the need for stronger cybersecurity measures and international collaboration to prevent such attacks from undermining global security and stability. Cyber warfare is becoming more sophisticated and dangerous as hackers use advanced tools and techniques to infiltrate networks and steal sensitive information.