Microsoft announced that it recently blocked a group of hackers, which it called Storm-0558, that accessed email accounts belonging to about 25 organizations, including government agencies.
How hackers gained access to email accounts
In a blog entry, Microsoft said it began investigating abnormal activity on some email accounts on June 16 after being notified by customers.
Its investigation revealed that, beginning May 15, the hacking group exploited a vulnerability to forge authentication tokens and gain access to organizations’ Microsoft 365 accounts.
Using a compromised Microsoft consumer account signing key, hackers could impersonate users and gain access to email accounts using services such as Outlook Web Access and Outlook.com.
According to a recent joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, a federal agency observed suspicious activity in its Microsoft 365 logs.
This led to the discovery that advanced persistent threat actors had accessed and extracted data from some Exchange Online Outlook accounts.
What is Storm-0558?
According to Microsoft's actor profile for Storm-0558, the group is described as follows:
Storm-0558 (DEV-0558) is a nation-state activity group based in China. They focus on espionage, data theft and access to credentials. They are also known to use custom malware that Microsoft tracks as Cigril and Bling, to access credentials.
How the problem was solved
CISA and the FBI advised organizations using Exchange Online to implement enhanced monitoring and logging to detect similar attacks.
Their recommendations include enabling advanced audit logging features and gaining visibility into standard cloud traffic patterns.
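One way to act on that recommendation, as an added example that is not from CISA, the FBI or Microsoft: learn which applications normally read each mailbox, then flag later mail access that departs from that baseline. The log lines are constructed, and the field names (modelled on Microsoft 365 mailbox audit records), AppId values and cutoff date are assumptions.

```python
import json

# Constructed sample records, not real logs. Field names are assumed to follow
# Microsoft 365 mailbox audit records; the AppId values are placeholders.
SAMPLE_LOG = """\
{"CreationTime":"2023-05-02T08:11:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"alice@example.org","AppId":"app-desktop"}
{"CreationTime":"2023-05-04T10:02:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"bob@example.org","AppId":"app-desktop"}
{"CreationTime":"2023-05-05T11:15:00","Operation":"Send","MailboxOwnerUPN":"bob@example.org","AppId":"app-web"}
{"CreationTime":"2023-05-16T02:13:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"alice@example.org","AppId":"app-desktop"}
{"CreationTime":"2023-05-16T02:14:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"alice@example.org","AppId":"app-unrecognized"}
{"CreationTime":"2023-05-17T04:00:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"bob@example.org"}
{"CreationTime":"2023-05-17T05:00:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"carol@example.org","AppId":"app-desktop"}
"""
CUTOFF = "2023-05-15T00:00:00"  # same-format ISO timestamps compare as strings

def parse_mail_access(text):
    """Return only the MailItemsAccessed records from JSON-lines text."""
    recs = [json.loads(line) for line in text.splitlines() if line.strip()]
    return [r for r in recs if r.get("Operation") == "MailItemsAccessed"]

def build_baseline(records, cutoff):
    """Map each mailbox to the set of AppIds seen before the cutoff."""
    baseline = {}
    for rec in records:
        if rec["CreationTime"] < cutoff and rec.get("AppId"):
            baseline.setdefault(rec["MailboxOwnerUPN"], set()).add(rec["AppId"])
    return baseline

def find_deviations(records, baseline, cutoff):
    """Flag post-cutoff mail access that does not match the mailbox baseline."""
    findings = []
    for rec in records:
        if rec["CreationTime"] < cutoff:
            continue
        box, app = rec["MailboxOwnerUPN"], rec.get("AppId")
        if box not in baseline:
            reason = "no baseline for mailbox"
        elif not app:
            reason = "missing AppId"
        elif app not in baseline[box]:
            reason = "AppId not seen in baseline"
        else:
            continue
        findings.append((rec["CreationTime"], box, app, reason))
    return findings

if __name__ == "__main__":
    records = parse_mail_access(SAMPLE_LOG)
    for finding in find_deviations(records, build_baseline(records, CUTOFF), CUTOFF):
        print(finding)
```

Mailboxes with no baseline and records without an AppId are reported rather than silently passed, since both leave the comparison with nothing to check against.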
Microsoft claims it has fully resolved the issue and blocked the hackers' access. It is working with affected customers and notified them prior to public disclosure.
The company said it had found no evidence the hackers remained on any corporate systems.
Mitigation of future cyber attacks
This latest activity comes as cyber-attacks continue to increase against organizations around the world.
US Senator Mark R. Warner, chairman of the Senate Select Committee on Intelligence, expressed concern about reports of the latest cyberattack and what it would take to prevent future incidents.
“The Senate Intelligence Committee is closely monitoring what appears to be a significant breach of cybersecurity by Chinese intelligence. It is clear that the PRC is steadily improving its cyber collection capabilities aimed at the US and our allies. Close coordination between the US government and the private sector will be critical to countering this threat.”
Microsoft plans to continue improving security around account keys and tokens to stay ahead of evolving cyber risks.
The company emphasized the need for continued collaboration and transparency to strengthen the technology industry’s defenses against sophisticated hacking campaigns.