Chinese Spies Used Forged Validation Tokens To Access Government Emails

Chinese hackers have gained access to email accounts at over two dozen organisations, including some US government agencies, in an apparent spying campaign aimed at acquiring sensitive information.

Microsoft says that a Chinese cyber espionage group called Storm-0558 used forged authentication tokens to break into government email accounts; so far the breach is said to have affected only unclassified systems.

Microsoft says it has completed mitigation measures for all customers and added substantial automated detections for known indicators of compromise associated with this attack to harden defenses and customer environments. “Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access. Based on customer reported information on June 16, 2023, Microsoft began an investigation into anomalous mail activity,” Microsoft said in a statement.

The hackers got into about 25 organisations, including government agencies, as well as related consumer accounts. The vulnerability that made the attack possible was reportedly discovered by the US government, specifically the US State Department.

The threat actor exploited a token validation issue in Outlook Web Access and Outlook.com, using a Microsoft account consumer signing key to forge the tokens. Microsoft took steps to mitigate the attack, and impacted customers have been notified. The Storm-0558 group primarily targets government agencies in Western Europe for cyber espionage and data theft.

In a separate incident, Microsoft identified a Russian threat actor known as Storm-0978 which exploited a zero-day vulnerability to target defense and government entities in Europe and North America.

Microsoft took steps to mitigate the attack, including blocking the usage of tokens signed with the compromised key and replacing the key itself. Impacted customers have been notified and provided with information needed for incident response.
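The two defensive properties this incident turns on, validation that is scoped to the issuing key set and the ability to refuse tokens signed with a compromised key while a replacement is rolled out, can be shown in a small validator. The code below is an added illustration, not Microsoft's code and not a description of its internal token validation. Everything in it is constructed: the issuer URLs, key IDs, secrets and audience are hypothetical, and HMAC-signed compact tokens stand in for the asymmetrically signed tokens a real identity provider issues. A deliberately weak validator that looks keys up by `kid` alone across all issuers is included only so the contrast with the issuer-scoped one is visible.

```python
"""Issuer-scoped token validation with key revocation (added illustration)."""
import base64
import hashlib
import hmac
import json
import time

# Constructed sample key sets, one per issuer. Real identity providers publish
# asymmetric keys per issuer; HMAC secrets are used here only to stay offline.
ENTERPRISE_ISSUER = "https://login.example-enterprise.test"  # hypothetical
CONSUMER_ISSUER = "https://login.example-consumer.test"      # hypothetical
KEYS_BY_ISSUER = {
    ENTERPRISE_ISSUER: {"ent-key-1": b"enterprise-secret-1"},
    CONSUMER_ISSUER: {"msa-key-1": b"consumer-secret-1"},
}
MAIL_AUDIENCE = "mail-service"  # hypothetical audience the mail front end expects


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(key: bytes, kid: str, claims: dict) -> str:
    """Build a compact HS256 token so the scenarios below run without a network."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    parts = [_b64url_encode(json.dumps(o, separators=(",", ":")).encode())
             for o in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def _parse(token: str):
    h_b64, p_b64, s_b64 = token.split(".")
    return (json.loads(_b64url_decode(h_b64)), json.loads(_b64url_decode(p_b64)),
            f"{h_b64}.{p_b64}".encode(), _b64url_decode(s_b64))


def validate_kid_only(token, keys_by_issuer, audience, now=None):
    """Weak validator (illustrative only): 'kid' is looked up in a pool merged across
    issuers, so the token's 'iss' claim is never tied to the key that signed it."""
    now = time.time() if now is None else now
    pool = {kid: key for keys in keys_by_issuer.values() for kid, key in keys.items()}
    try:
        header, claims, signing_input, sig = _parse(token)
    except ValueError:
        return (False, "malformed")
    key = pool.get(header.get("kid"))
    if key is None or header.get("alg") != "HS256":
        return (False, "unknown key")
    if not hmac.compare_digest(hmac.new(key, signing_input, hashlib.sha256).digest(), sig):
        return (False, "bad signature")
    if claims.get("aud") != audience or claims.get("exp", 0) <= now:
        return (False, "wrong audience or expired")
    return (True, "ok")


def validate(token, keys_by_issuer, audience, revoked_kids=frozenset(), now=None):
    """Hardened validator: the trusted key set is chosen by the token's 'iss' claim,
    'kid' only selects within that set, and revoked key IDs are refused up front."""
    now = time.time() if now is None else now
    try:
        header, claims, signing_input, sig = _parse(token)
    except ValueError:
        return (False, "malformed")
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        return (False, "alg not allowed")
    kid = header.get("kid")
    if kid in revoked_kids:           # block anything signed with a compromised key
        return (False, "key revoked")
    key = keys_by_issuer.get(claims.get("iss"), {}).get(kid)
    if key is None:
        return (False, "no such key for issuer")
    if not hmac.compare_digest(hmac.new(key, signing_input, hashlib.sha256).digest(), sig):
        return (False, "bad signature")
    if claims.get("aud") != audience:
        return (False, "wrong audience")
    if claims.get("exp", 0) <= now:
        return (False, "expired")
    return (True, "ok")


def run_scenarios(now=1_700_000_000):
    """Constructed tokens: a genuine enterprise token, a token signed with the consumer
    key but claiming the enterprise issuer, and consumer tokens before/after rotation."""
    base = {"aud": MAIL_AUDIENCE, "sub": "user@enterprise.test", "exp": now + 3600}
    genuine = sign_token(b"enterprise-secret-1", "ent-key-1", {**base, "iss": ENTERPRISE_ISSUER})
    forged = sign_token(b"consumer-secret-1", "msa-key-1", {**base, "iss": ENTERPRISE_ISSUER})
    consumer = sign_token(b"consumer-secret-1", "msa-key-1", {**base, "iss": CONSUMER_ISSUER})
    # Rotation: the consumer issuer now publishes only the replacement key.
    rotated_keys = {**KEYS_BY_ISSUER, CONSUMER_ISSUER: {"msa-key-2": b"consumer-secret-2"}}
    rotated = sign_token(b"consumer-secret-2", "msa-key-2", {**base, "iss": CONSUMER_ISSUER})
    revoked = {"msa-key-1"}
    return {
        "genuine_strict": validate(genuine, KEYS_BY_ISSUER, MAIL_AUDIENCE, now=now),
        "forged_weak": validate_kid_only(forged, KEYS_BY_ISSUER, MAIL_AUDIENCE, now=now),
        "forged_strict": validate(forged, KEYS_BY_ISSUER, MAIL_AUDIENCE, now=now),
        "consumer_before_revocation": validate(consumer, KEYS_BY_ISSUER, MAIL_AUDIENCE, now=now),
        "consumer_after_revocation": validate(consumer, rotated_keys, MAIL_AUDIENCE, revoked, now),
        "replacement_key": validate(rotated, rotated_keys, MAIL_AUDIENCE, revoked, now),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:28s} {result}")
```

The point to notice in `run_scenarios()` is that the same token is accepted by `validate_kid_only` and rejected by `validate` with "no such key for issuer": the `kid` header is a lookup hint, never a trust decision, and the key must be found inside the set that belongs to the issuer the token claims. The revocation check runs before signature verification so that a token signed with a compromised key is refused regardless of whether its signature is mathematically valid, which is the same effect as blocking tokens signed with the compromised key while the replacement key takes over.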

Chinese hackers have also tried to steal sensitive data from dozens of manufacturing and technology firms in the US, Europe and Asia, in findings that cast light on China's use of hacking to promote its economic growth.

The US government has tightened cyber security rules for vendors whose software and hardware it uses. Government officials want to know whether the rules were not followed or need to be adjusted.

Sources: Microsoft, Oodaloop, CNN, Security Week, CyberNews, WashPo, Asahi, Crast. Image: mleckert82
