Microsoft says the recent leaked hack by hackers from China targeting senior officials at the State Department and the US Department of Commerce, stemmed from an attack on the account of a working engineer. at Microsoft, according to Reuters.
Microsoft said this engineer’s account was hacked by a hacker group called Storm-0558. The group is believed to have stolen hundreds of thousands of emails from top US officials, including Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink .
security The blog post addresses a number of unanswered questions surrounding the incident, which has drawn new scrutiny efforts into Microsoft and led to calls for an investigation into Microsoft’s practices. company, according to Reuters.
Notably, the post explained how hackers could extract the cryptographic key from the engineer’s account and use it to access email accounts.
Microsoft said it fixed the bugs that made the key accessible from the engineer’s account. Access cracking gives hackers a wide range to steal emails.
A Microsoft representative said the engineer’s account was hacked using “token-stealing malware” but did not provide further details about the incident or when it occurred.
The Chinese embassy in Washington did not respond to an email requesting comment from Reuters. Beijing has previously described accusations it stole emails from top US officials as “baseless stories”.