A cyberattack attack on Microsoft originating in China breached government email accounts, the company reported late Tuesday. The threat, labeled Storm-0558, has mainly targeted Western Europe government agencies using espionage to steal data and credentials access.
Microsoft opened an investigation into concerning mail activity on June 16 following complaints of compromised consumer accounts affecting roughly 25 organizations beginning on May 15. According to the internal investigation, Microsoft said Storm-0558 gained access to users’ emails by forging authentication tokens to obtain Microsoft account consumer signing key.
“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” National Security Council spokesman Adam Hodges told The Washington Post. “We continue to hold the procurement providers of the U.S. government to a high-security threshold.”
Microsoft said in its report that it has mitigated the threat and notified all organizations including government agencies that were affected, and said all activities by Storm-0558 have been blocked. To further protect users, Microsoft said: “We have continuously improved the security of the MSA key management systems since the acquired MSA key was issued, as part of defence in depth, to ensure the safety and security of consumer keys.”
Microsoft did not say if the Chinese government was involved in the cyberattack, but a Chinese foreign ministry spokesman, Wang Wenbin said in a routine briefing any accusation that its government was involved is “disinformation,” AP News reported. He redirected the accusations of cyberattacks to the U.S. in a routine briefing, backing the narrative China has spun since its spy balloon was shot down off the coast of South Carolina in February.
“No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft,” Wang said. “Since last year, the cybersecurity organizations of China and other countries have issued many reports exposing the cyberattacks on China by the U.S. Government over a long period of time, but the U.S. has not made a response so far,” he added.
The cyberattack comes as the U.S. has tried to repair relations with China after tensions rose over Beijing’s efforts to undermine Taiwan’s independence by asserting its military force against the country, which it sees as being a break-away province that will one day be reunited with China.
In a previous showdown with the U.S., China accused the government leaders of espionage and hacking attempts amid the spy balloon debacle earlier this year, which revealed China was using the balloon to gain military and government intelligence.
The FBI is currently investigating the Storm-0558 attack and Microsoft is working with agencies including the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency to implement safeguards against future attacks.