Chinese Hackers Breached Organizations, US Government Via Microsoft Cloud Security Hole

Russian hackers used unpatched Microsoft flaw to target Summit attendees, Silk Road player sentenced to 20 years, Microsoft releases 130 patches, Security engineer charged in DEX theft, much more

Photo by Christian Lue on Unsplash

Chinese cyberspies dubbed Storm-0558 exploited a fundamental gap in Microsoft’s cloud, which affected US government systems, enabling them to conduct a targeted hack of unclassified email accounts.

One source said the number of US email accounts believed to be affected so far is limited, and the attack appeared targeted, though an FBI investigation is ongoing.

Microsoft disclosed that it had mitigated an attack by “a China-based threat actor” that primarily targets government agencies in Western Europe and focuses on espionage and data theft. The tech giant said it began an investigation after being notified in mid-June by the US government and revealed that the hackers gained access to email accounts affecting about 25 organizations, including government agencies.

The attackers gained access using forged authe…