Hackers believed to be linked to China have exploit vulnerabilities in Microsoft software to breach the email systems at over two dozen organizations, including some U.S. government agencies, as part of a suspected cyber-espionage campaign.
The Wall Street Journal reports that the hackers, identified as “Storm-0558,” exploited a security weakness in Microsoft’s cloud-computing environment to gain access to sensitive computer networks. This development is especially concerning for officials and security researchers, as it is seen as part of a larger espionage campaign that could have compromised valuable U.S. government information.
“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” said Adam Hodge, spokesman for the White House National Security Council. He added, “We continue to hold the procurement providers of the U.S. government to a high security threshold.”
The full extent and severity of the incident, including the specific institutions and individuals affected, are not yet known. The incident has underscored the growing concerns among senior Western intelligence officials about the ability of Chinese hackers to orchestrate stealthy attacks that can evade detection for years.
China, however, has consistently denied hacking U.S. organizations and has accused the U.S. and its allies of targeting Chinese networks. The Chinese embassy in Washington did not respond to requests for comment on the incident.
Microsoft has confirmed that the hackers took advantage of a security weakness in its cloud-computing environment. “The hackers broke into email accounts at about 25 organizations and hit consumer accounts that were likely linked to these entities,” Microsoft said in a statement. The company has since mitigated the security weakness and is working with the impacted customers.
“We have been working with the impacted customers and notifying them prior to going public with further details,” Microsoft stated.
Breitbart News reported in June on another major hack perpetrated by the Chinese:
The new Chinese attack Mandiant detected once again exploited security flaws in an email program to infect an as-yet-unknown number of computer systems. In this case, the email package is called Barracuda Email Security Gateway (ESG).
Barracuda announced on May 23 that it discovered a zero-day vulnerability – a previously undetected gap in software security that hackers exploited before security experts became aware of it. The vulnerability allowed attackers to gain unauthorized access to parts of the email system and deposit malicious code by formatting filenames in a manner that tricked the ESG system into executing them without requiring proper authentication.
Barracuda quickly patched the vulnerability but warned that hackers may have been exploiting it for up to seven months before it was discovered. On June 11, Barracuda issued an urgent update that advised users to replace affected ESG devices immediately, regardless of installed patches or software version level – a sobering testament to the severity of the flaw, and how ruthlessly it was exploited by hackers before security professionals discovered it.