At least 60,000 emails have been stolen from the US State Department after Chinese hackers breached Microsoft’s Exchange email service.
State Department officials told a Senate staff briefing that back in May, tens of thousands of emails were stolen from 10 State Department accounts, nine of them belonging to staff working on East Asia and the Pacific and one to staff working on Europe, according to an anonymous staffer of Senator Eric Schmitt.
“We need to harden our defences against these types of cyber attacks and intrusions in the future, and we need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point,” said Schmitt.
The threat actors had reportedly breached the email accounts of 25 organisations since May, including the US State and Commerce Departments, but the scale of the impact on the State Department was only revealed this month by State Department spokesperson Matthew Miller.
“Yes, it was approximately 60,000 unclassified emails that were exfiltrated as a part of that breach. No, classified systems were not hacked. These only related to the unclassified system,” Miller said in a press briefing.
The attack has been attributed to the Chinese-backed hacking group known as Storm-0558, which Microsoft says had obtained a Microsoft account (MSA) consumer signing key.
These keys are normally locked down inside Microsoft’s production environment, where access requires staff background checks, hardware-based multifactor authentication, secure workstations and more. Microsoft nonetheless believes the group obtained one because of a “consumer signing system crash” in April 2021.
The crash produced a crash dump that, despite those controls, contained a signing key. Key material is not normally written to a dump, but a rare condition – in which two processes try to access the same system resource at the same time – meant the key was included by accident.
Storm-0558 then gained access to an engineer’s account, where it found the crash dump and the key.
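The failure described above is a signing key leaving a protected environment inside a debugging artefact. As an added example, not code from Microsoft or from this article, the scanner below shows the kind of gate a defender can put in front of crash-dump export: it searches a dump for private-key material and redacts it before the file can be copied anywhere else. The key formats it looks for (PEM private-key blocks and a JSON Web Key carrying the RSA private exponent `d`) are generic assumptions, since the article does not describe Microsoft's actual key format, and the sample dump is constructed.

```python
import re

# Signatures of private-key material that must never leave a production boundary.
# Generic formats only (assumption): the article does not say how the leaked key
# was encoded, so PEM and JWK are stand-ins for whatever a real deployment uses.
KEY_PATTERNS = {
    "pem_private_key": re.compile(
        rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----.*?"
        rb"-----END (?:RSA |EC |OPENSSH )?PRIVATE KEY-----",
        re.DOTALL,
    ),
    # A JSON Web Key that carries the private exponent "d" is a private key.
    "jwk_private_exponent": re.compile(rb'"d"\s*:\s*"[A-Za-z0-9_-]{32,}"'),
}


def find_key_material(dump: bytes) -> list[tuple[str, int, int]]:
    """Return (pattern_name, start, end) for every private-key hit in the dump."""
    findings = []
    for name, pattern in KEY_PATTERNS.items():
        for match in pattern.finditer(dump):
            findings.append((name, match.start(), match.end()))
    return sorted(findings, key=lambda f: f[1])


def redact_dump(dump: bytes) -> tuple[bytes, int]:
    """Replace every finding with a marker; returns (clean_dump, number_redacted)."""
    out = bytearray()
    cursor = 0
    redacted = 0
    for name, start, end in find_key_material(dump):
        if start < cursor:  # overlapping hit already covered by an earlier redaction
            continue
        out += dump[cursor:start]
        out += b"[REDACTED " + name.encode() + b"]"
        cursor = end
        redacted += 1
    out += dump[cursor:]
    return bytes(out), redacted


def release_gate(dump: bytes) -> bool:
    """Policy check: a dump may leave the production environment only if it is clean."""
    return not find_key_material(dump)


# Constructed sample dump (not a real crash dump): diagnostic text with a fake PEM
# block and a fake JWK fragment embedded the way heap contents can land in a dump.
_FAKE_PEM = (
    b"-----BEGIN RSA PRIVATE KEY-----\n"
    b"MIIEfakefakefakefake\n"
    b"-----END RSA PRIVATE KEY-----\n"
)
_FAKE_JWK = b'{"kty":"RSA","kid":"example-kid","d":"' + b"A" * 40 + b'"}\n'
SAMPLE_DUMP = (
    b"thread 12 faulted at 0x7ffd0001 in signer.dll\n"
    + b"heap fragment: " + _FAKE_PEM
    + b"heap fragment: " + _FAKE_JWK
    + b"stack: 0x0040 0x0044\n"
)

if __name__ == "__main__":
    clean, count = redact_dump(SAMPLE_DUMP)
    print(f"redacted {count} secret(s); export allowed: {release_gate(clean)}")
    print(clean.decode())
```

Pattern matching of this kind is a last line of defence, not a replacement for keeping keys out of process memory that can be dumped; its value is that it runs at the boundary the key crossed in this incident, so a dump that still contains key material is blocked rather than copied onward.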
At the time of the initial breach, Microsoft did not outline the specific impact or details, such as the organisations affected.
The US State Department has said that it has not made its own attribution but is responding to the breach in line with Microsoft’s assessment that Storm-0558 is behind the attack.
“We have not made an attribution at this point, but, as I said before, we have no reason to doubt the attribution that Microsoft has made publicly,” added Miller.
“Again, this was a hack of Microsoft systems that the State Department uncovered and notified Microsoft about.”