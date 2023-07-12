Listen 1 min Comment on this story Comment Gift Article Share

Chinese cyberspies exploited a significant gap in Microsoft’s cloud enabling them to hack a limited number of unclassified U.S. email accounts — a gap officials said was discovered by the U.S. government. Wp Get the full experience. Choose your plan ArrowRight The security issue was discovered last month after U.S. officials found intrusions into the unclassified systems. “Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” White House National Security Council spokesman Adam Hodges said. “We continue to hold the procurement providers of the U.S. government to a high security threshold.”

Microsoft late Tuesday disclosed that it had mitigated an attack by “a China-based threat actor” that primarily targets government agencies in Western Europe and focuses on espionage and data theft.

The tech giant said it began an investigation after being notified in mid-June. The probe revealed that the hackers, whom Microsoft is calling Storm-0558, gained access to email accounts affecting about 25 organizations, including government agencies.

They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key, according to a blog written by Charlie Bell, Microsoft security executive vice president.

Microsoft has completed mitigation of this attack for all customers, he added in the blog.

This story is breaking and will be updated.

Gift this article Gift Article