Chinese hackers breached an assortment of US federal agencies in May and June along with European government offices, and new information indicates that the damage was greater than initially thought. The campaign may have impacted hundreds of thousands of accounts in total, including that of Ambassador to China Nicholas Burns.
Cyber espionage campaign facilitated by stolen Microsoft key
The good news is that the cyber espionage campaign appears to have only accessed unclassified email accounts, at least according to officials. The Chinese hackers may have been able to exfiltrate a lot of raw information, but may well only come up with a little bit of meaningful intelligence from it.
A Microsoft signing key was somehow stolen, and the company has named a team of Chinese hackers called “Storm-0558” as the perpetrators. Microsoft’s security team names them as a state-backed threat based on an assortment of factors, not the least of which are activities that overlap with other known hacking teams in the country.
It is unusual for a tech company of Microsoft’s prominence to be breached in this way, but Microsoft’s own security tools were actually more than capable of protecting their cloud services customers from the aftereffects. The problem is that the advanced logging tool that would have quickly revealed this sort of unauthorized access is part of a “premium” paid tier of service, though pressure from the government has now prompted Microsoft to consider ways in which this tool can be accessed for free. Changes are slated for the coming months.
Chinese hackers continue to plague not just governments in the US and Europe, but also private companies in numerous regions. China’s teams are quick to jump on new exploits that are discovered, and deploy them broadly to gather intelligence from enterprises in many different industries. The country’s cyber espionage program has demonstrated an interest in everything from travel records to credit reports and health care files.
Persistent, stealthy Chinese hackers test US defensive capability
Commerce Secretary Gina Raimondo was previously named as a target of the cyber espionage campaign, but officials have now revealed that Burns and assistant secretary of state for East Asia Daniel Kritenbrink also had their email accounts breached by the Chinese hackers.
The hackers were able to use forged authentication tokens to access Outlook email accounts via the web. The cyber espionage campaign included at least 25 organizations as described in the original reporting, but the new information about hundreds of thousands of impacted accounts points to the possibility of that number being higher as well.
The news follows a mid-June report that Chinese hackers were behind a breach of Barracuda Networks that impacted hundreds of organizations, and that they made use of Microsoft Exchange vulnerabilities to conduct a similarly broad campaign in 2021. Hackers working for the Chinese military have also been indicted for the 2017 breach of Equifax, which exposed the Social Security numbers and credit reports of nearly half of the entire population of the country.