Microsoft logo with green code in the background

Government email accounts breached in Microsoft hack

Image credit: Dreamstime and Canva

Microsoft said that China-based hackers have gained access to the email accounts of 25 organisations, in a report which China has dismissed as "disinformation".

Microsoft has identified 'Storm-0558' as responsible for the hacking of email accounts, including some linked to US and Western Europe government agencies. 

Email accounts belonging to US State Department and Commerce Secretary Gina Raimondo were reportedly affected, The Washington Post has reported, citing official sources.

"The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558," the company said in a blog post late Tuesday, July 12th."Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft and credential access."

Microsoft’s executive vice president of security, Charlie Bell, said the hacking group is focused on "espionage" and implied that the goal of the attack could have been "intelligence collection”. 

Chinese foreign ministry spokesman Wang Wenbin said the accusation is “disinformation” aimed at diverting attention from US cyber attacks on China.

“No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft,” Wenbin said. 

“Since last year, the cyber-security organisations of China and other countries have issued many reports exposing the cyber attacks on China by the US government over a long period of time, but the US has not made a response so far."

The breach was detected weeks later when customers complained to Microsoft about abnormal email activity. The company explained the Storm-0558 hackers used forged authentication tokens to access the email accounts. 

Microsoft did not identify the targets, but The Washington Post identified them as unclassified and "Pentagon, intelligence community and military email accounts did not appear to be affected."

A US State Department spokesperson later said the department had "detected anomalous activity" and had taken "immediate steps to secure our systems."

"As a matter of cyber-security policy, we do not discuss details of our response and the incident remains under investigation," the spokesperson said.

US National Security Adviser Jake Sullivan addressed the hack in an appearance on Wednesday on ABC's Good Morning America.

"We were able to prevent further breaches," Sullivan said. "The matter is still being investigated, so I have to leave it there because we're gathering further information in consultation with Microsoft and we will continue to apprise the public as we learn more."

Microsoft said it dealt with the attack and informed affected customers.

The company is currently working with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency, among others, to guard against such attacks. It also said it will continue to monitor Storm-0558’s activities.

Last November, the Australian Signals Directorate’s latest annual cyber threat report warned that cyber attacks from criminals and state-sponsored groups had significantly increased in the past financial year, turning the cyber space into “the domain of warfare”.

This rise in cyber crime has affected governments and organisations across the world. The UK’s NHS, the US’s Apple, and even the Albanian government have all suffered severe cyber attacks that have disrupted their services and put their users’ personal information at risk.

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles