When the Storm-0558 Chinese hackers breached Microsoft’s cloud-based Exchange email platform last May, they stole 60,000 unclassified emails from the employees of the US State Department.
The breach was confirmed at a recent Senate staff briefing, where it was added that the compromised personnel were located in East Asia, the Pacific, and Europe, and focused mostly on Indo-Pacific diplomacy work. The threat actors also found a list of all of the department's email accounts.
“We need to harden our defenses against these types of cyberattacks and intrusions in the future, and we need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point,” Senator Eric Schmitt said in a statement.
Espionage and data theft
In a media conference, State Department spokesperson Matthew Miller stressed that classified systems were not breached. As for the attackers, it was said that the State Department would confirm Microsoft’s earlier conclusions that Storm-0558 was behind the intrusion.
“We have not made an attribution at this point, but, as I said before, we have no reason to doubt the attribution that Microsoft has made publicly. Again, this was a hack of Microsoft systems that the State Department uncovered and notified Microsoft about.”
When news of the hack first broke in mid-July 2023, it was reported that hackers had gained access to some 25 accounts belonging to U.S. government employees. It was the State Department that tipped Microsoft off to the breach, and the software giant took a few weeks to discover exactly how the hackers obtained a consumer key that was necessary to pull the hack off.
Storm-0558 is a threat actor usually focused on espionage, data theft, and credential access against entities in Western Europe.
Via BleepingComputer