Hackers gain access to Microsoft Cryptographic Key to spy on US Govt Departments
In a concerning cybersecurity development, hackers with suspected ties to Beijing managed to steal a cryptographic key for Microsoft Accounts. This unauthorized access allowed them to conduct surveillance on various U.S. government agencies. Reports indicate that the breach was carried out by a hacking group known as Storm-0558 in April 2021, and that the group successfully monitored the online activities of approximately 25 organizations.

What makes this intrusion particularly troubling is that neither the system administrators nor the threat monitoring solutions detected the attack, because it was carried out covertly.

Delving into the specifics of the attack, it originated in early 2021 when a software bug caused a system crash. The crash led to the exposure of data and applications that were stored in a less secure location. Seizing this opportunity, the attackers obtained the credentials of an engineer responsible for the access-controlled production environment. With these stolen credentials, they infiltrated Microsoft’s Exchange Online and Outlook environments.

It wasn’t until a series of audits in July 2023 that the technology giant detected the anomaly and promptly took corrective measures.

On September 6th, 2023, Microsoft disclosed that Storm-0558 had gained access to the debugging environment, which enabled the group to forge digital authentication tokens. This breach potentially allowed them to access sensitive information from the Microsoft Outlook email accounts of government officials, including U.S. Ambassador to China Nicholas Burns, Assistant Secretary of State for East Asia Daniel Kritenbrink, and Commerce Secretary Gina Raimondo.

It’s important to note that Storm-0558 is not a weather-related storm-chasing unit, as one might assume from the name. Instead, it is a hacking group believed to have ties to Chinese intelligence. Online communities, such as Reddit users, should take note of this newly identified hacking group and refrain from associating it with the storm-chasing units featured on the Discovery or National Geographic channels.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security