Chinese hackers exploit Microsoft cloud bug to raid US government email accounts, including the Commerce Secretary's
The email accounts of multiple senior United States government officials, including Secretary of Commerce Gina Raimondo,
have been hacked by a group suspected of being backed by the Chinese Communist Party in Beijing.
The hacking group, known as Storm-0558,
compromised at least 25 email accounts, including that of Raimondo, multiple
Department of State officials and several government agencies. (Related:
Several federal agencies HACKED as part of global cyberattack that exploited a flaw in popular file-sharing software.)
A statement from Microsoft indicated that the hacking group
forged digital authentication tokens to access the email accounts through the company's email and personal information management software, Outlook. The hacks allegedly started in May.
"As with any observed nation-state actor activity, Microsoft has contacted all targeted or compromised organizations directly via their tenant admins and provided them with important information to help them investigate and respond," said Microsoft in a statement. This statement did not divulge which other government agencies or officials had been affected by the hack.
"We assess this adversary is
focused on espionage, such as gaining access to email systems for intelligence collection," warned Executive Vice President of Microsoft Security Charlie Bell. "This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems."
White House National Security spokesperson Adam Hodge noted that the hack was initially identified by government safeguards last month, approximately one month after Microsoft discovered the hack.
Latest hack warns of increasing sophistication in Chinese infiltration attempts
National Security Agency Deputy Director George Barnes warned that China's hacker army used to be "noisy" and "rudimentary," but this most recent intrusion into government emails represents a new sophistication in Beijing's attempts to infiltrate government cyber systems. He further warned that this level of sophistication among Chinese hacker groups is likely to continue increasing.
The
Wall Street Journal reported that the advances in Chinese hacking technology appear to be "driven by necessity" as competition between the U.S. and China rises to its fiercest in decades.
Beijing is eager for intelligence on what Washington is thinking and doing, but recent advances in American cybersecurity systems is forcing Chinese hacking groups to be more discriminating about when and how they break in. And heightened geopolitical tensions mean their attacks tend to be quieter and are less likely to be noticed quickly.
In this latest attack, the Chinese hackers gained access to the backdoor of Microsoft's cryptographic protection system and then used it to produce digital tokens to access the protected emails.
"They're hitting where the log data doesn't exactly light up like a siren to tell you what's wrong," noted Matt Durrin, director of training and research at the Missoula, Montana-based security consulting firm LMG Security.
For its part, the Chinese have denied accusations that it sponsored the hacking group, calling it "disinformation." Beijing further accused the U.S. government of being "the world's biggest hacking empire and global cyber thief."
China's reaction is routine for cyber attacks, as it regularly denies any and all involvement in potentially
state-sponsored hacking operations regardless of the weight of evidence.
Watch this report from
Fox News discussing in detail how
cyberattackers are now stealing very classified information from government agencies and private companies alike.
This video is from the
News Clips channel on Brighteon.com.
More related stories:
"White hat" hacker dismantles world's largest pedophile ring, sends child rapists to prison.
Over 6M public records from motor vehicles office in Louisiana exposed to MOVEit hackers.
US govt. agencies hit in global "cyberattack" after pro-Russia "hacktivist" group threatens to take down entire European banking system.
Cybersecurity official warns: Americans must prepare for CYBERATTACKS from Chinese hackers.
More sophisticated Chinese cyberattacks target US firms, government agencies, defense contractors.
Sources include:
WSJ.com
TechCrunch.com
Reuters.com
Brighteon.com