When China’s Storm-0558 hackers breached Microsoft’s cloud-based Exchange email platform last May, they stole 60,000 unclassified emails from US State Department employees.
The breach was confirmed at a recent Senate staff briefing, where it was added that the compromised personnel were located in East Asia, the Pacific and Europe and focused primarily on diplomacy work in the Indo-Pacific region. The threat actors also found a list of all the department’s email accounts.
“We must strengthen our defenses against these types of cyber attacks and intrusions in the future, and we must examine the federal government’s reliance on a single vendor as a potential weakness,” Senator Eric Schmitt said in a statement.
Espionage and data theft
During a media conference, State Department spokesman Matthew Miller emphasized that classified systems had not been breached. On the subject of the attackers, it was said that the State Department would confirm Microsoft’s previous conclusions that Storm-0558 was behind the intrusion.
“We have not made any attribution at this time, but as I said before, we have no reason to doubt the attribution that Microsoft has made publicly. Once again, this was a hack of Microsoft systems that the State Department discovered and notified Microsoft.”
When news of the hack first broke in mid-July 2023, it was reported that hackers had gained access to around 25 accounts of US government officials. It was the State Department that notified Microsoft of the breach, and it took the software giant a few weeks to discover how exactly the hackers obtained a consumer key needed to carry out the hack.
Storm-0558 is a threat actor that typically focuses on espionage, data theft and… reference access, against entities in Western Europe.
Via BleepingComputer