A recent Chinese hack of senior officials at the U.S. State and Commerce departments was apparently the result of the compromise of a Microsoft engineer’s corporate account and the theft of a valuable signing key, as reported by Microsoft Corp (MSFT.O).
According to Reuters, Microsoft has stated that the engineer’s account had been compromised by the “Storm-0558” hacking group, which allegedly used the key to forge authentication tokens and access email accounts on Microsoft’s cloud servers, including those of top American officials such as Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.
The breach was disclosed back in June 2023, but at the time it was still unclear how the hackers were able to steal the key that allowed them to access the accounts.
A blog post in which Microsoft addressed previously unanswered questions drew fresh scrutiny to the company’s security and led experts to call for an investigation of Microsoft’s practices. The post specifically explained how the hackers were able to extract a cryptographic key from the engineer’s account and use it to access email accounts that the key should never have granted access to, as reported by Cybernews.
Microsoft says it has fixed the flaws that made the key accessible from the engineer’s account. A Microsoft representative said the account was hit with “token-stealing malware” but gave no further details about the incident or its timing.
The Chinese Embassy in Washington did not immediately provide a response, and Beijing has previously said that the allegation that China stole emails from top US officials is a “groundless narrative.”