Reportedly, as claimed by U.S. officials and Microsoft, Chinese state-linked hackers have been able to access the email accounts of about 25 organisations, which include at least two U.S. government agencies. As stated by Juke Sullivan in an interview with ABC’s Good Morning America, U.S. officials were able to detect the breach quite early and were able to prevent any further breaches. The affected agencies include the U.S. State and Commerce departments.
Also Read: China-linked hacking group named Flea tied to attacks on foreign ministries
Further, The Washington Post reported that the accounts of Department of State Officials and Secretary of Commerce Gina Raimondo were reportedly hacked. Only Gina Raimondo is known to be a Cabinet-level official whose account was compromised in the incident. According to a senior U.S. government official, comparing it to the SolarWinds compromise, a sizable collection of digital intrusions that were revealed in late 2020 and attributed to Russian cyberspies, would not be fair.
The official expressed, “This intrusion should not be compared to SolarWinds,” and called the intrusion to be much narrower. However, the official added that they could not comment on Microsoft’s take on attributing the hack to China.
The U.S. has responded to the situation strongly. In a meeting with Wang Yi in Jakarta, Secretary of State Antony Blinken reportedly made it clear that any action that targets the U.S. government, U.S. companies, or U.S. citizens “is of deep concern to us, and that we will take appropriate action to hold those responsible accountable,” according to a second source, a senior state department official.
As per a report by Reuters, Microsoft claimed that the hacking organisation, Storm-0558, used fake digital authentication tokens to get access to email accounts that were using the company’s Outlook service. The action started in May, according to Microsoft.
According to reports, Microsoft had alerted the organisations of “a compromise to Microsoft’s Office 365 system, and the department immediately took action to respond.” Interestingly, a report by the U.S. inspector general’s office in March criticised “fundamental deficiencies” in the Commerce Department’s cybersecurity incident response programme, claiming it violated security protocols, improperly used cyber-protection tools, and handled simulated cyberattacks poorly.
Microsoft noted that the hacker group involved primarily targets organisations in Western Europe but did not specify which governments or organisations have been targeted.
Also Read: If you are a Windows user, you need to urgently update because of “this” reason
The U.S. government was referred to as “the world’s biggest hacking empire and global cyber thief” by the Chinese embassy in London, which also labelled the claim of blaming it for hacking accounts as “disinformation.” Regardless of the facts or context, China constantly denies involvement in hacking operations.
Follow FE Tech Bytes on Twitter, Instagram, LinkedIn, Facebook
