
Microsoft government email breach overview:
- Who: Microsoft has disclosed a breach of its email systems that is being attributed to bad actors from the China-backed hacking group Storm-0558.
- Why: The breach impacted consumers — along with at least one unnamed federal government agency — with accounts on the Microsoft 365 email cloud environment.
- Where: Nationwide.
- What are my options: Norton LifeLock carries many options when it comes to data security.
Microsoft has disclosed that a group of China-backed hackers was recently able to break into the email systems of some of its customers, in what the tech giant called an attempt to gather intelligence.
The company said in a blog post on Tuesday that it began investigating unusual activity in its email systems within a few weeks of the initial attack; however, bad actors were repeatedly able to gain access to accounts during that time.
In a related advisory, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) said a federal government agency — which it did not name — detected unusual activity on its Microsoft 365 email cloud environment in June.
The agency immediately reported the unusual activity to Microsoft, according to CISA, which said the company “determined that advanced persistent threat (APT) actors accessed and exfiltrated unclassified Exchange Online Outlook data.”
It is unclear at this time how many government agencies were affected by the breach, NPR reports; however, CISA said any data that was taken from the unnamed federal agency was unclassified.
Microsoft connects breach to Chinese hacking group Storm-0558
Microsoft said it has connected the breach to a Chinese hacking group it calls Storm-0558, which “primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access.”
The company determined Storm-0558 was able to infiltrate customer email accounts on Outlook Web Access in Exchange Online and Outlook.com by using a stolen managed service account (MSA) key to forge authentication tokens.
“The actor exploited a token validation issue to impersonate Azure AD users and gain access to enterprise mail,” Microsoft said.
Microsoft said it was able to mitigate the breach by blocking the usage of tokens signed with the acquired MSA key, before replacing the key entirely “to prevent the threat actor from using it to forge tokens.”
The company said it also blocked usage of tokens that were issued with the acquired MSA key for all of its impacted consumer customers.
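The two defenses described above (refusing tokens signed with a compromised key, and not letting a key vouch for accounts outside its own scope), as an added Python example that is not Microsoft's code. The key ids, secrets, `scope` claim and HMAC signing are constructed stand-ins for a real identity provider's asymmetric keys and claims.

```python
import base64, hashlib, hmac, json

# Constructed key registry: key id -> (secret, account scope the key may sign for).
# HMAC is a stand-in for the asymmetric signatures a real identity provider uses.
KEYS = {
    "consumer-key-1": (b"constructed-consumer-secret", "consumer"),
    "enterprise-key-1": (b"constructed-enterprise-secret", "enterprise"),
}
BLOCKED_KEY_IDS = set()  # key ids known to be compromised

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret, signed_part):
    return hmac.new(secret, signed_part.encode(), hashlib.sha256).digest()

def sign_token(kid, claims, secret):
    """Build 'header.payload.signature' (helper for the constructed samples)."""
    header = _b64(json.dumps({"kid": kid}).encode())
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64(_mac(secret, header + '.' + payload))}"

def validate_token(token):
    """Return (accepted, reason). A valid signature alone is not enough."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        kid = str(json.loads(_unb64(header_b64))["kid"])
        claims = dict(json.loads(_unb64(payload_b64)))
        sig = _unb64(sig_b64)
    except (ValueError, KeyError, TypeError):
        return False, "malformed"
    if kid in BLOCKED_KEY_IDS:            # revoked keys fail before any crypto
        return False, "blocked signing key"
    if kid not in KEYS:
        return False, "unknown signing key"
    secret, key_scope = KEYS[kid]
    if not hmac.compare_digest(sig, _mac(secret, header_b64 + "." + payload_b64)):
        return False, "bad signature"
    if claims.get("scope") != key_scope:  # key may only vouch for its own scope
        return False, "key not valid for this token scope"
    return True, "ok"
```
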
Microsoft disclosed a separate data breach to the public last year that it warned exposed the sensitive information of some of its customers. The breach was blamed on a misconfigured internet-accessible Microsoft server.
80 thoughts on Microsoft discloses breach of gov’t email accounts
Yes please add me to the Microsoft class action lawsuit
Add me
Please add me.
Add me
Please add me I have been with them some years now
ADD ME
ADD ME
ADD ME
Add me