Chinese Spies Used Forged Validation Tokens To Access Government Emails

Uploaded on 2023-08-03 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, INTELLIGENCE--International, FREE TO VIEW

Chinese hackers have gained access to email accounts at over two dozen organisations, including some US government agencies, in an apparent spying campaign aimed at acquiring sensitive information. 

Microsoft say that a Chinese cyber espionage group called Storm-0558, have used forged authentication tokens to hack into government email accounts and so far it is said that the breach had so far only affected unclassified systems.

Microsoft says it has completed mitigation measures for all customers and added substantial automated detections for known indicators of compromise associated with this attack to harden defenses and customer environments. “Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access. Based on customer reported information on June 16, 2023, Microsoft began an investigation into anomalous mail activity,” Microsoft said in a statement.

The hackers got into to about 25 organisations, including government agencies and consumer accounts associated with the hacking method. The vulnerability that made the attack possible was reportedly discovered by the US government, specifically the US State Department.

The threat actor exploited a token validation issue in Outlook Web Access and Outlook.com, using a Microsoft account consumer signing key to forge the tokens. Microsoft took steps to mitigate the attack, and impacted customers have been notified. The Storm-0558 group primarily targets government agencies in Western Europe for cyber espionage and data theft.

In a separate incident, Microsoft identified a Russian threat actor known as Storm-0978 which exploited a zero-day vulnerability to target defense and government entities in Europe and North America.

Microsoft took steps to mitigate the attack, including blocking the usage of tokens signed with the compromised key and replacing the key itself. Impacted customers have been notified and provided with information needed for incident response.

Chinese hackers have also tried to steal sensitive data from dozens of manufacturing and technology firms in the US, Europe and Asia, in findings that casts light on China's use of hacking to promote its economic growth.

The US government has tightened cyber security rules for vendors whose software and hardware it uses. Government officials want to know whether the rules were not followed or need to be adjusted. 

Microsoft:   OodaloopCNN:     Security Week CyberNews:    WashPo:   Asahi:   Crast:    Image: mleckert82 

You Might Also Read:

Spy Agencies Warn Of New Threats From Chinese Hackers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« RomCom Hackers Target NATO Summit
WatchGuard Expands Identity Protection Capabilities »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

authen2cate

authen2cate

Authen2cate offers a simple way to provide application access with our Identity and Access Management (IAM) solutions for enterprise, small business, and individual customers alike.

Berkman Klein Center for Internet & Society

Berkman Klein Center for Internet & Society

The Berkman Klein Center for Internet & Society is a research center at Harvard University that focuses on the study of cyberspace.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

Redbud

Redbud

Redbud is a specialist search and recruitment firm for Information Security professionals.

Telesoft Technologies

Telesoft Technologies

Telesoft Technologies is a global provider of cyber security, telecom and government infrastructure products and services.

Cyber Defense Labs

Cyber Defense Labs

Cyber Defense Labs helps companies identify, mitigate and reduce risk as a trusted, reliable partner for cyber risk management.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

Kindus

Kindus

Kindus is an IT security, assurance and cyber security risk management consultancy.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Ridge Canada Cyber Solutions

Ridge Canada Cyber Solutions

Ridge Canada helps insurance brokers and insurance buyers understand, evaluate, and secure cyber coverage that is tailored to their business.

Stripe OLT

Stripe OLT

At Stripe OLT, we provide complete business technology solutions - Our team has an unrivalled reputation as a Microsoft Gold Partner, specialising in secure, cloud-first technology.

WiebeTech

WiebeTech

WiebeTech’s line of digital forensics tools provide innovative and rugged devices for efficient disk imaging and evidence capture.

Vertex Cyber Security

Vertex Cyber Security

Vertex provide Cyber Security Services to small to large businesses including Advise, Consulting, Adding Security Partnership, Penetration Testing, ISO 27001-2 and Audits.

TrueBees

TrueBees

TrueBees is the first deepfakes detector able to detect AI-generated portraits shared on social media and to prevent their diffusion across the web.

ITButler e-Services

ITButler e-Services

At IT Butler, our mission is crystal clear: we are dedicated to providing top-tier cybersecurity solutions and best-practice methodologies to secure and enhance your digital infrastructure’s resilienc

SECQAI

SECQAI

At SECQAI we create dual-use hardware and software to enable the future of computing.

Securitybricks

Securitybricks

Securitybricks specialize in cloud security and compliance. Our mission is to automate regulatory compliance backed by human validation.