Microsoft has just reported that Storm-0558, a hacking group believed to be from China, accessed government email accounts in the US and Western Europe as part of an espionage campaign.
According to Neowin, Microsoft discovered the attack only after it had been running for a month. The operation targeted email accounts used by about 25 organizations, including government agencies and consulting organizations. Hackers can steal sensitive information such as emails, documents, and passwords.
The company claims it has notified affected organizations and taken steps to mitigate the damage. The company also emphasized cooperation with law enforcement to investigate the hack. In its blog post, Microsoft explains that the hackers used the obtained MSA key to forge tokens to access OWA and Outlook.com. MSA (consumer) keys and Azure AD (enterprise) keys are issued and managed from separate systems and are only valid for their respective systems.
“The crooks exploited the token authentication issue to impersonate an Azure AD user and gain access to business mail. We have no indication that the Azure AD key or any other MSA key was stolen or used by this agent,” the company continued.
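The key-scoping rule described above, as an added example that is not Microsoft's code: a validator that accepts a signature from any known key, next to one that also requires the signing key's system to match the token's issuer. The key IDs, issuer names, claims and the HMAC stand-in for the asymmetric signatures real tokens use are all constructed assumptions.

```python
import base64, hashlib, hmac, json

# Constructed key registry: each signing key belongs to exactly one system.
# HMAC stands in for the asymmetric signatures real tokens use (assumption).
KEYS = {
    "consumer-key-1": {"system": "consumer", "secret": b"constructed-consumer-secret"},
    "enterprise-key-1": {"system": "enterprise", "secret": b"constructed-enterprise-secret"},
}
# Which system is allowed to sign for which issuer (constructed names).
ISSUER_SYSTEM = {"consumer-issuer": "consumer", "enterprise-issuer": "enterprise"}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(kid: str, claims: dict) -> str:
    """Build header.claims.signature using the named key from the registry."""
    body = _b64(json.dumps({"kid": kid}).encode()) + "." + _b64(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid]["secret"], body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)

def _verify_signature(token: str):
    """Return (key entry, claims) if a known key signed the token, else None."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        key = KEYS[json.loads(_unb64(header_b64))["kid"]]
        expected = hmac.new(key["secret"], f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
        claims = json.loads(_unb64(claims_b64))
        if not hmac.compare_digest(expected, _unb64(sig_b64)) or not isinstance(claims, dict):
            return None
        return key, claims
    except (ValueError, KeyError, TypeError):
        return None

def validate_signature_only(token: str) -> bool:
    """Weak: any known key is accepted, whatever issuer the token names."""
    return _verify_signature(token) is not None

def validate_with_key_scope(token: str) -> bool:
    """Hardened: the signing key's system must match the issuer's system."""
    result = _verify_signature(token)
    if result is None:
        return False
    key, claims = result
    # An unknown issuer maps to None, which never equals a key's system.
    return key["system"] == ISSUER_SYSTEM.get(claims.get("iss"))
```

A token signed with the constructed consumer key but naming the enterprise issuer passes `validate_signature_only` and is rejected by `validate_with_key_scope`.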
Microsoft has partnered with the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Agency (CISA) to address affected customers. Such customers or organizations have been contacted directly, Microsoft added.
Storm-0558 is a well-known hacking group that has been active for several years. The group is linked to a number of high-profile hacks, such as the one just reported by Microsoft.