Chinese Spies Used Forged Validation Tokens To Access Government Emails

Uploaded on 2023-08-03 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, INTELLIGENCE--International, FREE TO VIEW

Chinese hackers have gained access to email accounts at over two dozen organisations, including some US government agencies, in an apparent spying campaign aimed at acquiring sensitive information. 

Microsoft say that a Chinese cyber espionage group called Storm-0558, have used forged authentication tokens to hack into government email accounts and so far it is said that the breach had so far only affected unclassified systems.

Microsoft says it has completed mitigation measures for all customers and added substantial automated detections for known indicators of compromise associated with this attack to harden defenses and customer environments. “Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access. Based on customer reported information on June 16, 2023, Microsoft began an investigation into anomalous mail activity,” Microsoft said in a statement.

The hackers got into to about 25 organisations, including government agencies and consumer accounts associated with the hacking method. The vulnerability that made the attack possible was reportedly discovered by the US government, specifically the US State Department.

The threat actor exploited a token validation issue in Outlook Web Access and Outlook.com, using a Microsoft account consumer signing key to forge the tokens. Microsoft took steps to mitigate the attack, and impacted customers have been notified. The Storm-0558 group primarily targets government agencies in Western Europe for cyber espionage and data theft.

In a separate incident, Microsoft identified a Russian threat actor known as Storm-0978 which exploited a zero-day vulnerability to target defense and government entities in Europe and North America.

Microsoft took steps to mitigate the attack, including blocking the usage of tokens signed with the compromised key and replacing the key itself. Impacted customers have been notified and provided with information needed for incident response.

Chinese hackers have also tried to steal sensitive data from dozens of manufacturing and technology firms in the US, Europe and Asia, in findings that casts light on China's use of hacking to promote its economic growth.

The US government has tightened cyber security rules for vendors whose software and hardware it uses. Government officials want to know whether the rules were not followed or need to be adjusted. 

Microsoft:   OodaloopCNN:     Security Week CyberNews:    WashPo:   Asahi:   Crast:    Image: mleckert82 

You Might Also Read:

Spy Agencies Warn Of New Threats From Chinese Hackers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« RomCom Hackers Target NATO Summit
WatchGuard Expands Identity Protection Capabilities »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation is Europe's leading centre for research & education in cybersecurity, cybercrime and digital forensics.

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

CD Networks

CD Networks

CDNetworks is a global content delivery network with a fully integrated cloud security solution, offering unparalleled speed, security and reliability for the almost instant delivery of web content.

SureVine

SureVine

Surevine builds secure, scalable collaboration solutions for the most security conscious organisations, enabling collaboration on their most sensitive information.

NESECO

NESECO

NESECO is an IT security integration and consulting firm providing security products, solutions, support, consulting, and training services.

Altaro Software

Altaro Software

Altaro provide backup solutions that are intuitive, easy to use, well-priced and backed by outstanding 24/7 support as part of the package.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

Kickstart

Kickstart

Kickstart supports your startup in scaling deep technology businesses in Switzerland in areas such as AI, Blockchain and Cybersecurity.

Injazat

Injazat

Injazat Data Systems is an industry recognized market leader in the Gulf region for Information Technology, Data Center and Managed Services.

ditno

ditno

ditno uses machine learning to help you build a fully governed and micro-segmented network. Dramatically mitigate risk and prevent lateral movement across your organisation – all from one centralised

Aegis Security

Aegis Security

Aegis Security helps clients to secure their systems against potential threats through pre-emptive measures, such as security assessments, and cutting-edge solutions to security challenges.

OnSecurity

OnSecurity

OnSecurity replaces the overhead of traditional penetration testing firms with a simple online interface, making it easy to book tests as and when needed.

Mindaro Insurance

Mindaro Insurance

Mindaro is adding the crucial piece of the cyber security puzzle that protects your organization from the financial ramifications of cyber attacks.

AB Handshake

AB Handshake

AB Handshake offers a game-changing solution for telecom service providers that eliminates fraud on inbound and outbound voice traffic.

Clarabot Nano

Clarabot Nano

Nano is the secure file sharing tool to improve content search, data access and collaboration between multiple parties.

Cylab - Carnegie Mellon University

Cylab - Carnegie Mellon University

Carnegie Mellon University CyLab is the University's security and privacy research institute.