Microsoft published the results of an internal investigation detailing how a suspected Chinese hacker accessed the email accounts of U.S. and European government agencies for more than two years before the breach was discovered in June.

According to a report published on Wednesday, the China-based cybercriminal known as Storm-0558 first gained access to the Microsoft communications of high-ranking officials in April 2021.

The global tech titan said in a statement that it has concluded a comprehensive technical investigation, which determined that the hacker used a consumer key from a valid Microsoft account to forge security tokens that allowed backdoor access to Outlook.com.

The breach, which was first reported by the Wall Street Journal in July, was discovered on June 16 by technical staff at the State Department after nine U.S. organizations and agencies and more than two dozen global entities were targeted through apparent vulnerabilities in Microsoft’s cloud security system.

Since then, the investigation has determined that the hacker’s suspicious activity dates back to April 2021, when an apparent bug caused Microsoft’s email system to collapse, resulting in a data purge that inexplicably contained an email access key.

The system did not alert IT to the problem as it should have, and the breach was not discovered until two months later.

During the purge, Storm-0558 discovered the access key and hacked into the unclassified email accounts of numerous high-level officials, including Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink, as well as a number of research institutes and administrative officials across the country.

Microsoft said Wednesday that it published the investigative findings “as part of our commitment to transparency and trust,” adding that the company was working to tighten up its security protocols.

Since the security breach, the company has instituted enhanced internal controls, including employee background checks, credential scanning, dedicated cloud servers, secure workstations, data encryption, and multi-factor authentication when employees log in.

Microsoft announced that it would take additional measures to restrict access to some of its more sensitive internal data and prohibit employees from using online collaboration tools that could expose the company to malware and phishing.

“For this reason — per policy and as part of our Zero-Trust and ‘assume breach’ mentality — sensitive information should not leave our production environment,” Microsoft said, referring to emails, conferencing, and web research tools previously utilized by corporate-level employees. While these tools are essential, they also expose users to spear phishing, malware that steals tokens, and other account compromise vectors.

At the outset of the investigation, Microsoft said it was uncertain of the full extent of the breach. By Wednesday, however, the company said it was confident that it had gotten to the root of the matter and that technical staff were deploying multiple new software fixes to debug the system.

Microsoft continues to reinforce its systems as part of its defense-in-depth strategy, according to a statement.

According to the company, the issue that allowed the consumer signing key to be present during the 2021 data erasure has been resolved. Additionally, technicians improved internal tools to prevent sensitive materials from being gathered up in future crash dumps.
