FBI warning: Chinese hackers compromised Outlook accounts of U.S. government agency employees
In a joint statement by the CISA and FBI issued on July 12th, 2023, the federal agencies confirmed that advanced persistent threat (APT) actors managed to access and download Exchange Online Outlook data that includes info from email accounts of U.S. government employees. The news was also confirmed by tech giant Microsoft which continues to work on mitigating the attack. The tech giant identified the hacker organization, which originates in Asia and specializes in targeting government agencies in the Western world. Microsoft believes the attack came from the famous Chinese hacker group called Storm-0558.
The Federal Civilian Executive Branch (FCEB) agency first reported the cyber incident. They identified suspicious activity in the organization’s Microsoft 365 cloud environment and reported it to CISA, FBI, and Microsoft. The hackers were able to get unauthorized access to customer email accounts that use Outlook Web Access in Exchange Online (OWA) and even Outlook.com.
The criminals have had access to the email servers since mid-May. The cybercriminals pulled it off by forging authentication tokens to access user email. Microsoft believes that all the data stolen by the perpetrators is unclassified, even though the hackers specifically targeted the email accounts of high-profile individuals such as members of the House of Representatives. The identities and party affiliations of the targeted elected officials have not been publicly released.
READ ALSO: PGP Encryption: The Email Security Standard
Microsoft began investigating anomalous mail activity after customers, including FCEB, reported the problem. The investigation concluded that on May 15th, 2023, the Chinese managed their way into email accounts affecting dozens of organizations, including some government agencies and accounts of individuals associated with the targeted organizations. Microsoft began contacting affected parties, and the issue has been officially resolved – all affected Microsoft customers have been informed of the security incident. Even though Microsoft continues the investigation, the data leakage has been stopped.
The hacker attack was supported by heavy resources and was solely focused on espionage. There are no reports of ransom requests by the hacker organization, so the attack is likely state-driven. Such attacks are often considered part of the spy efforts between global superpowers such as the USA and China. Reuters reported that China’s embassy in London denied involvement in the cyber incident and called the news “disinformation.” The Chinese also stated that the USA is the world’s most enormous hacking empire and called the country a “global cyber thief.”