Chinese Hackers Found to Have Infiltrated The U.S. Government

The hacking group responsible, “Storm-0558”, compromised and breached 25 email accounts belonging to U.S. Government employees. This cyber attack included government agencies, as well as related consumer accounts linked to individuals associated with these organisations. Microsoft has not identified the government agencies targeted by “Storm-0558”. 

Adam Hodge, a spokesperson for the White House’s National Security Council, confirmed to TechCrunch in a statement that several U.S. government agencies were affected. “Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems,” Hodge said. “Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service. We continue to hold the procurement providers of the U.S. government to a high-security threshold.”

Microsoft’s investigation found that “Storm-0558” managed to breach email accounts by using ‘Exchange Online (OWA)’ and ‘Outlook.com’ using ‘Outlook Web Access’. The hackers gained unauthorised entry by creating fake authentication tokens to mimic legitimate user accounts posing as Azure AD users. It was further revealed that the group obtained a signing key for Microsoft's consumer services to forge the tokens. 

Statement was released by Microsoft’s top cybersecurity executive, Charlie Bell, following the investigation. “We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection. This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems.”

It was revealed that these malicious activities of “Storm-0885” were deployed for up to a month before being found. 

A "targeted campaign" lasting a month, was the description given by a senior FBI official during a TechCrunch briefing on Wednesday. The FBI official didn’t want to disclose the exact number of victims but had mentioned that fewer than ten government agencies were affected. 

The fact that these malicious activities went undetected for up to a month highlights the importance of cyber security awareness. As cyber threats continue to evolve, governments and organisations must remain vigilant and take proactive steps to improve their cybersecurity posture in the modern digital age.

Your Security is our Priority

Your friendly Support Team

Speak to us about all your computer needs

This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.