Microsoft Cloud vulnerability exploited compromising US government email accounts
Take action: Theft of cryptographic key material is extremely dangerous, because every token or signature produced with such a key is trusted by everyone who relies on that key. It's like the key printing machine being stolen. Protect your cryptographic material properly.
Learn More
Microsoft's cloud email service was compromised by hackers linked to the Chinese government, who successfully infiltrated approximately 25 organizations hosted on Microsoft's service, including various US government agencies such as the State Department.
Both Microsoft and US officials have verified the occurrence of this breach.
US government safeguards detected a breach in the security of Microsoft's cloud infrastructure, impacting systems marked as unclassified. Microsoft was contacted so that the source of the intrusion and the vulnerability within the cloud service could be identified.
This cybersecurity incident enabled a group of threat actors known as Storm-0558 to gain access to email accounts belonging to several US government officials. Microsoft reported that consumer accounts associated with individuals connected to these organizations were also affected by this major breach.
Based on Microsoft's investigation, the threat actors exploited Outlook Web Access (OWA) in Exchange Online and Outlook.com, using forged authentication tokens generated with a confidential signing key apparently stolen from Microsoft systems. These tokens were used to impersonate Azure AD users and gain unauthorized access.
Once alerted to the breach, Microsoft mitigated the attack for all customers, effectively preventing Storm-0558 from accessing customer email accounts using the forged authentication tokens. The company also took measures to replace the compromised key to prevent Storm-0558 from utilizing it to create additional forged tokens.
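The two paragraphs above describe the defensive core of this incident: a relying party trusts whatever is signed by a key it recognises, and the only way to stop a stolen key from minting further tokens is to stop trusting that key. The following is an added, simplified model written for this page, not Microsoft's or Azure AD's implementation: a toy token verifier that pins tokens to a set of trusted key ids, rejects tokens signed by any key it does not trust, and shows what happens to tokens (legitimate and otherwise) signed by a key once it is revoked and replaced. All key names, secrets, the issuer URL and the user identity are constructed for the demo; it uses HMAC-SHA256 rather than the asymmetric keys a real identity provider would use, which does not change the trust logic being illustrated.

```python
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    """Base64url without padding, as used in compact JWS."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, kid: str, secret: bytes) -> str:
    """Issue a compact HS256 token tagged with the id of the key that signed it."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


class TokenVerifier:
    """Relying party: accepts a token only if a currently trusted key signed it."""

    def __init__(self, trusted_keys: dict, expected_issuer: str):
        self.trusted_keys = dict(trusted_keys)  # kid -> secret
        self.expected_issuer = expected_issuer

    def revoke_key(self, kid: str) -> None:
        """Key replacement step: once a key is known stolen, stop trusting it."""
        self.trusted_keys.pop(kid, None)

    def verify(self, token: str, now: int) -> dict:
        parts = token.split(".")
        if len(parts) != 3:
            raise ValueError("malformed token")
        header_b64, payload_b64, sig_b64 = parts
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        kid = header.get("kid")
        if kid not in self.trusted_keys:  # unknown OR revoked key: reject before anything else
            raise ValueError(f"untrusted or revoked key id: {kid}")
        expected = hmac.new(
            self.trusted_keys[kid], f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
        ).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise ValueError("bad signature")
        claims = json.loads(_b64url_decode(payload_b64))
        if claims.get("iss") != self.expected_issuer:
            raise ValueError("wrong issuer")
        if claims.get("exp", 0) <= now:
            raise ValueError("token expired")
        return claims


def _outcome(verifier: TokenVerifier, token: str, now: int) -> str:
    """Return the rejection reason, or 'ACCEPTED' if the verifier let the token through."""
    try:
        verifier.verify(token, now)
    except ValueError as exc:
        return str(exc)
    return "ACCEPTED"


def demo() -> dict:
    now = 1_690_000_000  # constructed fixed clock for a deterministic run
    issuer = "https://login.example.test/"  # constructed issuer
    keys = {"key-2023-01": b"constructed-secret-A", "key-2023-07": b"constructed-secret-B"}
    verifier = TokenVerifier(keys, expected_issuer=issuer)
    claims = {"iss": issuer, "sub": "user@agency.example", "exp": now + 3600}
    results = {}

    # 1. Token signed by a trusted key is accepted.
    old_key_token = sign_token(claims, "key-2023-01", keys["key-2023-01"])
    results["valid_before_rotation"] = verifier.verify(old_key_token, now)["sub"]

    # 2. A token whose kid is not in the trusted set is rejected before signature checking.
    results["unknown_kid"] = _outcome(verifier, sign_token(claims, "key-other", b"x"), now)

    # 3. After the key is revoked, every token it ever signed is rejected: this is the cost
    #    and the point of replacing a stolen key (legitimate sessions must re-authenticate).
    verifier.revoke_key("key-2023-01")
    results["revoked_key"] = _outcome(verifier, old_key_token, now)

    # 4. The replacement key keeps the service working for newly issued tokens.
    new_key_token = sign_token(claims, "key-2023-07", keys["key-2023-07"])
    results["valid_after_rotation"] = verifier.verify(new_key_token, now)["sub"]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check on `kid` runs before the signature is computed on purpose: a verifier that first looks up whatever key a token names, and only then checks the signature, is only as safe as its key lookup, so the trusted set is the thing to audit and to shrink when a key is suspected stolen.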
The Chinese embassy in London dismissed the accusation as "disinformation" and labeled the US government as "the world's biggest hacking empire and global cyber thief."