Microsoft reported Tuesday that Chinese intelligence hacked emails belonging to the U.S. State Department, along with about two dozen government agencies in both the United States and Western Europe, in what is being described as a “significant” security breach.
According to Microsoft, Storm-0558, a China-based actor, targeted customer emails beginning on May 15, 2023.
“Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access,” Microsoft stated.
After customers reported suspicious activities on June 16, Microsoft launched an investigation into “anomalous mail activity.” During the course of its investigation, Microsoft discovered that Storm-0558 gained access to the email accounts of roughly 25 organizations, impacting both government agencies and the related consumer accounts of people “likely associated” with the government agencies.
“They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key,” Microsoft said.
Microsoft announced Tuesday that the company has “completed mitigation” for the Chinese cyber “attack” on its customers. Google Cloud’s Mandiant senior vice president and chief technical officer Charles Carmakal congratulated Microsoft for “leaning in,” “remediating,” and “being transparent” about the security breach.
Carmakal explained, “This was a very advanced technique used by the threat actor against a limited number of high value targets.”
Senate Select Committee on Intelligence Chairman Sen. Mark Warner (D-Va.) announced Wednesday that the committee is “closely monitoring” the “significant cybersecurity breach.”
He added, “It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies. Close coordination between the U.S. government and the private sector will be critical to countering this threat.”
A spokesperson for the State Department confirmed to CNBC that the department had been impacted by the hack, noting that after it “detected anomalous activity,” the department immediately took steps to secure its systems. The spokesperson noted that the State Department will “continue to closely monitor and quickly respond to any further activity.”
According to CNBC, the recent hack by a Chinese entity aligns with the ongoing pattern of Chinese organizations attempting to steal critical government and corporate information through intelligence hacks.