China-based hackers breach govt e-mails in Western Europe, Microsoft says

Microsoft said the China-based hacker group forged the authentication tokens needed to access user e-mail accounts. PHOTO: ST FILE

WASHINGTON – A China-based hacking group intent on conducting espionage breached a series of e-mail accounts linked to government agencies in Western Europe, according to Microsoft.

In a blog post published on Tuesday night, Microsoft said the group that it identified as Storm-0558 was able to remain undetected for a month after gaining access to e-mail data from around 25 organisations in mid-May.

The software company discovered the breach only following an investigation in mid-June, after being alerted by customer reports about abnormal e-mail activity.

“We assess this adversary is focused on espionage, such as gaining access to e-mail systems for intelligence collection,” Mr Charlie Bell, an executive vice-president at Microsoft, wrote in another post.

Storm-0558 carried out the attack by forging the authentication tokens needed to access user e-mail accounts, he added. Microsoft has since notified the affected customers and completed mitigation efforts, the company said.

The disclosure comes not long after Microsoft co-founder Bill Gates met Chinese President Xi Jinping in Beijing. The two talked primarily about cooperation around Mr Gates’ philanthropic efforts to prevent and eradicate communicable diseases.

Microsoft said it has partnered with the United States Department of Homeland Security’s cyber defence agency to address the breach and would continue to investigate and monitor the China-based group.

The company has added “substantial automated detections” for signs of system compromise to strengthen its defences.

Asked about the findings, China’s Foreign Ministry spokesman Wang Wenbin said at a regular briefing on Wednesday that the US National Security Council was the source of the hacking claims, and accused the US of being the world’s largest source of hacking.

This is the latest discovery of a China-based threat actor conducting cyber attacks seeking sensitive information.

In May, Microsoft said a Chinese state-sponsored hacking group known as Volt Typhoon gained access to infrastructure organisations in Guam and elsewhere in the US, with the likely goal of disrupting critical communications. BLOOMBERG
