On Wednesday, the Biden administration revealed that Chinese hackers used a vulnerability in Microsoft Exchange Server last month to obtain entry to emails of at least one U.S. federal agency.
The attack comes as tensions rise between the United States and China, just weeks after another cyberattack on U.S. government networks by a group with ties to Russia.
An unnamed federal agency discovered the suspicious activity in the middle of June after discovering Microsoft 365 audit logs accessed by licensed users in Exchange Online mailboxes through abnormal programs, according to a joint advisory issued by the Cybersecurity and Infrastructure Security Agency and the FBI on Wednesday. The organization informed Microsoft and CISA of the intrusion.
Cybercriminals used fake authentication tokens to gain access to the networks of the government agency and almost two dozen other organizations in a breach initially publicized by Microsoft late Tuesday night. The Microsoft investigators identified the infiltrators as Storm-0558, an organization specializing in espionage, credential theft, and data theft against Western European government institutions, as the infiltrators.
On Wednesday, White House National Security Council spokesman Adam Hodge stated that the United States government had discovered a breach in Microsoft’s cloud security that had affected unclassified systems the previous month. The government promptly contacted Microsoft to investigate and fix the security flaw. Hodge noted that the government continues to demand high security from its procurement contractors.
It was unclear at first which federal entities had been compromised. A Defence Department spokesperson would not discuss the hack. When asked for more information, the FBI and a CISA representative declined to comment.
When asked about the breach during a news briefing in Beijing on Wednesday, China’s Ministry of Foreign Affairs spokesperson Wang Wenbin did not deny it. Still, he accused the United States of being the world’s largest hacking empire and global cyber thief.
Since last year, Chinese and international cybersecurity organizations have released papers detailing years of cyberattacks by the United States government against China. According to Wang, the United States still has not responded to these reports.
The intrusion was revealed on the morning of the Senate Intelligence Committee hearing for Lt. Gen. Timothy Haugh, who has been nominated to head the National Security Agency and U.S. Cyber Command.
Senate Intelligence Committee Chairman Mark Warner (D-Va.) released a statement on Wednesday saying that his committee is closely monitoring what looks to be a significant cybersecurity intrusion by Chinese intelligence.
According to Warner, the People’s Republic of China’s cyber collection capabilities aimed at the United States and its allies are improving. To combat this threat, the government and corporate sector of the United States must work closely together.
This is the most recent data breach to affect a government organization. In an apparent attempt to steal information from U.S. government organizations and hundreds of other entities worldwide, Russian cybercriminals exploited the file-sharing system MOVEit last month. One of the government departments said to have been compromised is the Energy Department.
The DOE did not immediately reply to a request for comment regarding the latest hack that affected the department’s Microsoft systems.