Chinese hackers gained access to the email accounts of 25 organizations, including US government agencies, using a security hole discovered in Microsoft's cloud platform.
As The Washington Post reports, Microsoft confirmed it has mitigated the attack by a China-based threat actor it refers to as Storm-0558. The affected accounts include those of "approximately 25 organizations including government agencies as well as related consumer accounts of individuals likely associated with these organizations."
The unauthorized access to the accounts was discovered by the US government, not Microsoft. National Security Council spokesman Adam Hodges said in a statement that, "Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service ... We continue to hold the procurement providers of the U.S. government to a high security threshold."
The hackers used forged Microsoft account (MSA) authentication tokens to gain access to email accounts through Outlook Web Access in Exchange Online (OWA) and Outlook.com. Microsoft issues and manages MSA (consumer) and Azure AD (enterprise) keys using separate systems and they should only be valid for their respective systems. However, the hackers were able to impersonate legitimate users by exploiting a token validation issue.
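A simplified model of the key-scope rule described above, added here as an illustration and not taken from the article or from Microsoft's code: a validator that only checks the signature accepts a consumer-key token for an enterprise service, while one that also binds the key to its system rejects it. The key ids, secrets, claim names and the HMAC stand-in for the real signature scheme are all constructed assumptions.

```python
import base64, hashlib, hmac, json

# Constructed keys: each key id is bound to the one system it may sign for.
KEYS = {
    "msa-key-1": {"secret": b"constructed-consumer-secret", "scope": "consumer"},
    "aad-key-1": {"secret": b"constructed-enterprise-secret", "scope": "enterprise"},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(kid, claims):
    """Sign claims with the named key (HMAC stands in for the real signature)."""
    body = _b64(json.dumps({"kid": kid, **claims}, sort_keys=True).encode())
    sig = hmac.new(KEYS[kid]["secret"], body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)

def _verified_claims(token):
    """Return the claims if the signature matches the key named in the token."""
    try:
        body, sig = token.split(".")
        claims = json.loads(_unb64(body))
        key = KEYS[claims["kid"]]
        expected = hmac.new(key["secret"], body.encode(), hashlib.sha256).digest()
        ok = hmac.compare_digest(expected, _unb64(sig))
    except (ValueError, KeyError, TypeError):
        return None  # malformed token or unknown key id
    return claims if ok else None

def validate_weak(token):
    """Flawed: any known signing key is accepted, whatever system it belongs to."""
    return _verified_claims(token) is not None

def validate_scoped(token, system):
    """Hardened: the signing key must belong to the system doing the validation."""
    claims = _verified_claims(token)
    return claims is not None and KEYS[claims["kid"]]["scope"] == system

if __name__ == "__main__":
    # Constructed token: signed with the consumer key, presented to an enterprise service.
    crossed = issue("msa-key-1", {"sub": "user@example.org"})
    print("signature-only check:", validate_weak(crossed))
    print("scoped check (enterprise):", validate_scoped(crossed, "enterprise"))
```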