According to Microsoft, hackers based in China have successfully infiltrated the email accounts of approximately 25 organizations, including government agencies.
Although Microsoft has not disclosed the location of the targeted government agencies, the US Department of Commerce has confirmed that Microsoft did alert them to the attack.
According to the reports, one person affected by the breach was Secretary of Commerce Gina Raimondo. The US media has also reported that hackers have targeted the State Department.
Microsoft said that the hacking group, which it called “Storm-0558”, forged digital authentication tokens, which are required by the system to verify someone’s identity. They then managed to access email accounts by bypassing the normal security measures.
The company said in an announcement: “Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access”. It added that, according to its investigations, the breaches started in May.
Microsoft added that it has “mitigated the attack and has contacted impacted customers.” It says: “We added substantial automated detections for known indicators of compromise associated with this attack… and we have found no evidence of further access.”
In a statement, a US Department of Commerce spokesperson said: “Microsoft notified the Department of a compromise to Microsoft’s Office 365 system, and the Department took immediate action to respond. We are monitoring our systems and will respond promptly should any further activity be detected.”
Earlier in the year, spy agencies and Microsoft both claimed that Chinese hackers were attacking infrastructure on American military bases in Guam using very advanced malware, with many experts describing it as the “largest cyber espionage campaigns against the US”.
China has denied any involvement in hacking operations. The Chinese embassy in London responded to the claims by calling the US government “the world’s biggest hacking empire and a global cyber thief”, adding that the report is “highly unprofessional” and “disinformation”.