Microsoft has revealed that it successfully stopped a coordinated cyber attack from China, which targeted around 25 organizations, including government agencies. The attack, carried out by a group known as “Storm-0558,” began on May 15, with Microsoft receiving initial indications a month later. Thankfully, the tech giant was able to ward off the attack on all affected customers without any action required on their part. Microsoft detected that the hackers gained access through fake access tokens for email accounts on its services. The company is continuously monitoring the attackers’ activities and has informed the targets of the attack. The attackers had obtained an access key for Microsoft accounts by exploiting a vulnerability in token validation, allowing them to create forged access tokens for email accounts. They breached accounts on Outlook.com and Exchange Online through web access. In order to halt the attack, Microsoft blocked the certified tokens and replaced the access key. The company confirms that anyone who has not been contacted by Microsoft likely has not been targeted by the attack. In a blog post, Microsoft identified China as the source of the attack and stated that the “Storm-0558” group specializes in espionage. The US Department of Homeland Security collaborated with Microsoft in defending against the attack, implementing extensive automatic detection measures for indicators of the attack and fortifying their defense systems. As of now, there is no evidence of further unauthorized access.
