Microsoft recently blocked a group of hackers, referred to as Storm-0558, from gaining unauthorized access to email accounts belonging to approximately 25 organizations, including government agencies.
How Hackers Breached Email Accounts
Microsoft initiated an investigation into anomalous activity in certain email accounts on June 16 after receiving reports from customers. According to a blog post by Microsoft, the investigation revealed that the hacking group Storm-0558 took advantage of a vulnerability to create counterfeit authentication tokens, allowing them entry into organizations’ Microsoft 365 accounts. The hackers used a compromised Microsoft consumer account signing key to impersonate users and gain access to email accounts through services like Outlook Web Access and Outlook.com.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI jointly released an advisory disclosing suspicious activity in their Microsoft 365 logs. Following the investigation, it was discovered that advanced persistent threat actors had infiltrated Exchange Online Outlook accounts and exfiltrated data.
Understanding Storm-0558
According to Microsoft’s actor profile, Storm-0558 is a China-based nation-state activity group that specializes in espionage, data theft, and unauthorized access to credentials. The group uses custom malware that Microsoft tracks as Cigril and Bling for credential access.
Resolving the Issue
In light of the attack, CISA and the FBI advised organizations using Exchange Online to enhance their monitoring and logging capabilities. Their recommendations include enabling advanced audit logging features and gaining insight into standard cloud traffic patterns. Microsoft declared that it has effectively resolved the issue and prevented further access by the hackers. The company is working with affected customers and notified them before making a public disclosure. Microsoft says it has found no evidence of the hackers’ presence in corporate systems.
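One way to act on the advice to learn standard traffic patterns, as an added example that does not come from Microsoft, CISA, the FBI or the original article: build a per-mailbox baseline of the applications that read mail, then flag reads by an application never seen for that mailbox. The records are constructed, and the field names (`CreationTime`, `Operation`, `UserId`, `AppId`) and the `MailItemsAccessed` operation are assumptions about how the audit export is shaped.

```python
from collections import defaultdict

MAIL_OPS = {"MailItemsAccessed"}  # assumed name of the mail-read audit operation
APP_OWA = "00000000-aaaa-0000-0000-000000000001"      # constructed GUIDs
APP_MOBILE = "00000000-aaaa-0000-0000-000000000002"
APP_UNKNOWN = "00000000-ffff-0000-0000-0000000000ff"

def rec(time, user, app, op="MailItemsAccessed"):
    """Build one audit record in the assumed export shape."""
    return {"CreationTime": time, "Operation": op, "UserId": user, "AppId": app}

# Constructed sample data, not real log output.
BASELINE_WINDOW = [
    rec("2024-01-02T08:14:00", "alice@example.org", APP_OWA),
    rec("2024-01-02T19:40:00", "alice@example.org", APP_MOBILE),
    rec("2024-01-03T09:01:00", "bob@example.org", APP_OWA),
]
REVIEW_WINDOW = [
    rec("2024-02-15T02:11:00", "alice@example.org", APP_UNKNOWN),
    rec("2024-02-15T08:20:00", "alice@example.org", APP_OWA),
    rec("2024-02-15T08:30:00", "bob@example.org", APP_MOBILE),
    rec("2024-02-15T10:00:00", "carol@example.org", APP_OWA),
    rec("2024-02-15T10:02:00", "carol@example.org", APP_UNKNOWN, op="Send"),
]

def build_baseline(records):
    """Per mailbox, the set of application IDs seen reading mail."""
    seen = defaultdict(set)
    for r in records:
        if r.get("Operation") in MAIL_OPS and r.get("UserId") and r.get("AppId"):
            seen[r["UserId"].lower()].add(r["AppId"].lower())
    return seen

def find_unusual_access(baseline, records):
    """Return mail-read events whose AppId was never seen for that mailbox."""
    findings = []
    for r in records:
        if r.get("Operation") not in MAIL_OPS:
            continue  # only mail reads are compared against the baseline
        user = (r.get("UserId") or "").lower()
        app = (r.get("AppId") or "").lower()
        if user in baseline and app in baseline[user]:
            continue  # known application for this mailbox
        # A mailbox with no history is reported for review, not assumed benign.
        reason = "new-app-for-user" if user in baseline else "no-baseline"
        findings.append((r["CreationTime"], user, app, reason))
    return findings

if __name__ == "__main__":
    for finding in find_unusual_access(build_baseline(BASELINE_WINDOW), REVIEW_WINDOW):
        print(*finding)
```

A finding is a lead for review, not a verdict: a user who installs a new mail client produces the same signal, so the baseline window should be long enough to cover normal client churn.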
Preventing Future Cyberattacks
This recent incident highlights the growing number of cyberattacks affecting organizations worldwide. U.S. Senator Mark R. Warner, Chairman of the Senate Select Committee on Intelligence, expressed concern regarding the cyberattack and the measures required to prevent future occurrences. He emphasized the significance of close collaboration between the U.S. government and the private sector in countering this evolving threat from Chinese intelligence. Microsoft intends to reinforce security measures pertaining to account keys and tokens to stay ahead of evolving cyber risks. The company stresses the need for continuous collaboration and transparency to bolster defenses across the technology industry against sophisticated hacking campaigns.