Microsoft confirms that Chinese hackers breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies. The attacks were carried out by a threat group tracked as Storm-0558, which used an inactive consumer signing key to create tokens for Azure Active Directory and Microsoft accounts (MSA) to access online Outlook services.

Starting in May 2023, a Chinese hacking group known as Storm-0558 breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies. The hackers used this access to steal sensitive information, such as email messages, contacts, and calendars. They also used the accounts to send phishing emails to other organizations to spread the attack further.

Microsoft was able to identify the hackers as Storm-0558 because they used the same techniques and infrastructure as in previous attacks. Storm-0558 is a well-known Chinese cyber-espionage group that has been active since at least 2016. The group is believed to be affiliated with the Chinese government and has targeted a wide range of organizations, including government agencies, think tanks, and businesses.

Microsoft has since patched the vulnerability that allowed the hackers to access the accounts. It has also advised organizations to change their passwords and enable multifactor authentication for their Microsoft accounts.

Summary of the attack:

  • The hackers used an inactive consumer signing key to create tokens for Azure Active Directory and Microsoft accounts.
  • The tokens allowed the hackers to access the accounts and steal sensitive information.
  • The hackers also used the accounts to send phishing emails to other organizations.
  • Microsoft has since patched the vulnerability that allowed the hackers to access the accounts.
  • Organizations should change their passwords and enable multifactor authentication for their Microsoft accounts.

The attack on the email accounts of these organizations is a reminder of the importance of cybersecurity. Organizations need to be vigilant about protecting their data and systems from attack. They should also use strong passwords and enable multifactor authentication to make it more difficult for hackers to gain access.

Reach out to Messageware to improve Microsoft Exchange Server Security

If you are not protecting all the protocols used by your Exchange Server, you’re putting your company at a higher risk of a data breach.

Security incidents happen frequently. They cause disruption and loss of data, and can put your company's reputation at risk. However, if you implement these steps, you're doing more than most other companies. Have you heard about Messageware's EPG? It offers advanced Exchange Server security to protect organizations from a variety of logon and password attacks, as well as extensive real-time reporting and alerts of suspicious logon activity.