Microsoft has said it mitigated attacks from “Chinese state-linked hackers” that targeted around 25 organisations including several US government agencies since 15 May 2023.

The company alleges that the China-based hacker group in question, known as Storm-0558, targeted a range of customer emails with its main target being government agencies in Western Europe and with a focus on espionage, data theft, and credential access.

The US State and Commerce departments have since issued statements confirming they were among the affected US agencies.

White House national security adviser Jake Sullivan reportedly told US TV program Good Morning America that the US detected a breach of federal government accounts "fairly rapidly" and managed to prevent further breaches.

According to the Washington Post, US secretary of commerce Gina Raimondo was one of the highest-profile US government officials targeted by the attacks.

The bad actors did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key, Microsoft said in a statement, noting that it has since completed mitigation of the attack for all customers.

In explaining its mitigation of the alleged account intrusions, Microsoft said a real-time investigation and collaboration with customers let us “apply protections in the Microsoft Cloud to protect our customers from Storm-0558’s intrusion attempts”.

Share Story: