Emails Of US government officials hacked by China-backed actors
According to a report from July 14th, 2023, a Chinese state-sponsored hacking group known as 'Storm-0558,' as identified by Microsoft, managed to gain unauthorized access to U.S government emails through a phishing attack. The attack involved the forging of authentication tokens to gain entry to user email accounts, utilizing a compromised Microsoft account consumer signing key.
Once the attacker successfully bypassed security measures and gained authentication from Azure, they accessed the Outlook Web Access (OWA) API to retrieve a token for Exchange Online. To avoid detection and attribution, the attackers used a dedicated infrastructure running SoftEther proxy software.
Microsoft has since taken steps to completely mitigate the attack. However, it was discovered that Storm-0558 had been present within government systems since at least May. Notable victims of this attack included the U.S Ambassador to China and the assistant Secretary of State for East Asia.
The potential impact of this attack is severe, as sensitive information from the U.S government could have been stolen by the attackers. This information might include travel or work details of diplomats, which could pose a threat to national security if exploited. The stolen data could also be utilized for reconnaissance in future phishing or espionage campaigns, or to inform China's foreign policy decisions.
Read more about it: here