Microsoft revealed this week that Chinese hackers had been conducting espionage operations against U.S. organizations. The accessed information reportedly includes email messages from Commerce Secretary Gina Raimondo, who plays a key role in export restrictions on computer chips to China.
The email intrusion reportedly began in May; Microsoft moved against the group in mid-June. The company named the group Storm-0558 and said about 25 organizations had been compromised. The group gained access to the email accounts by forging authentication tokens with a Microsoft account (MSA) consumer signing key, or MSA key for short. Steps have since been taken to prevent a recurrence.
Western Europe also affected
Until now the espionage appeared to focus mainly on the United States. However, Bloomberg reports that West European authorities were also affected. According to the outlet's American sources, the operation involved a small, targeted set of victims. CISA and the FBI recommend that organizations strengthen the security of their Microsoft 365 cloud environments.
On the European side, it is not yet clear who was targeted. Italian security experts are reportedly in contact with Microsoft to identify potential targets in that country.
Rhetoric back and forth
Predictably, China has responded with a jab at the United States. According to foreign ministry spokesman Wang Wenbin, it is the United States that runs the biggest hacking network in the world and is the largest global cyber thief.
It is recurring rhetoric in what Bloomberg usually calls the "Chip War."
MSA keys
As mentioned, the intrusion involved forging the tokens needed to sign in to an account. According to security expert Sami Laiho, the MSA key needed to do this is not readily available. Speaking to Bloomberg, he suggests that Microsoft itself may have been compromised. It would not be illogical for the company to stay silent on that point; in all likelihood it only has to disclose such an incident in detail to U.S. authorities.
Another Bloomberg source, however, sees this as an important source of tension between the U.S. government and Microsoft. The lack of free logging in Microsoft products hampers further investigation: without logs it is not clear exactly what happened in a system, which also made the SolarWinds hack harder to unravel than it should have been. Microsoft keeps the logs and can search them for evidence on a customer's behalf, but the source calls this a "recipe for inadequate visibility into what happened inside a network."
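To make concrete what "forging tokens with a signing key" means, and why the remedy is revoking the key rather than anything a victim can do on their side, here is an added illustration; it is not code from the article, Microsoft or Bloomberg. HMAC-SHA256 stands in for the RSA signing key a real identity provider uses, and the key names, issuer and audience strings and mailbox addresses are hypothetical. The `verify_strict` check that binds each key to the issuer it may sign for is a general hardening recommendation, not a description of how Microsoft's token validation works.

```python
"""Added illustration (constructed, hypothetical names): what holding an identity
provider's token-signing key lets an attacker do, and what a verifier can still check.
HMAC-SHA256 stands in for the provider's real RSA key; the property shown (whoever
holds the signing key can mint tokens the verifier accepts) is the same."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

CONSUMER_ISSUER = "https://consumer-idp.example"      # hypothetical consumer identity provider
ENTERPRISE_ISSUER = "https://enterprise-idp.example"  # hypothetical enterprise identity provider
MAIL_AUDIENCE = "mail-service"                        # hypothetical relying party


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(signing_key: bytes, kid: str, claims: dict) -> str:
    """Produce a compact JWT signed with signing_key; the header names the key via kid."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = f"{_b64url(json.dumps(header).encode())}.{_b64url(json.dumps(claims).encode())}"
    sig = hmac.new(signing_key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def _split(token: str):
    h, p, s = token.split(".")
    return json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p)), f"{h}.{p}".encode(), _b64url_decode(s)


def verify_signature_only(token: str, keys: dict) -> Optional[dict]:
    """Weak verifier: accept any token whose signature checks out under a known kid."""
    header, claims, signing_input, sig = _split(token)
    entry = keys.get(header.get("kid"))
    if entry is None:
        return None  # unknown or revoked key
    expected = hmac.new(entry["key"], signing_input, hashlib.sha256).digest()
    return claims if hmac.compare_digest(sig, expected) else None


def verify_strict(token: str, keys: dict, audience: str, now: Optional[float] = None) -> Optional[dict]:
    """Hardened verifier: the key must be registered for the issuer the token claims,
    the token must be meant for this audience, and it must not be expired."""
    claims = verify_signature_only(token, keys)
    if claims is None:
        return None
    header = _split(token)[0]
    if claims.get("iss") != keys[header["kid"]]["issuer"]:
        return None  # this key is not allowed to vouch for that issuer
    if claims.get("aud") != audience:
        return None  # token minted for some other service
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return None
    return claims


def scenario(now: float = 1_700_000_000.0) -> dict:
    """Walk through theft, forgery, verification and revocation; returns outcomes by name."""
    keys = {  # the verifier's trusted key set (constructed)
        "consumer-key-1": {"key": b"consumer-signing-key-material", "issuer": CONSUMER_ISSUER},
        "enterprise-key-1": {"key": b"enterprise-signing-key-material", "issuer": ENTERPRISE_ISSUER},
    }
    stolen = keys["consumer-key-1"]["key"]  # the attacker has obtained the consumer key
    # Forgery 1: an enterprise-looking token for a mailbox the attacker was never issued a token for.
    cross_issuer = mint_token(stolen, "consumer-key-1", {
        "iss": ENTERPRISE_ISSUER, "aud": MAIL_AUDIENCE, "sub": "official@agency.example", "exp": now + 3600})
    # Forgery 2: a token for the issuer the stolen key legitimately serves.
    same_issuer = mint_token(stolen, "consumer-key-1", {
        "iss": CONSUMER_ISSUER, "aud": MAIL_AUDIENCE, "sub": "someone@consumer.example", "exp": now + 3600})
    results = {
        "sig_only_accepts_cross_issuer": verify_signature_only(cross_issuer, keys) is not None,
        "strict_rejects_cross_issuer": verify_strict(cross_issuer, keys, MAIL_AUDIENCE, now) is None,
        # No claim check can catch a forgery the key is genuinely allowed to make ...
        "strict_accepts_same_issuer": verify_strict(same_issuer, keys, MAIL_AUDIENCE, now) is not None,
    }
    # ... so the provider's remedy is to revoke the compromised key.
    revoked = {kid: entry for kid, entry in keys.items() if kid != "consumer-key-1"}
    results["revoked_key_rejected"] = verify_strict(same_issuer, revoked, MAIL_AUDIENCE, now) is None
    return results


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name}: {outcome}")
```

The third outcome is the uncomfortable one: a token minted with a key that is valid for the claimed issuer is indistinguishable from a legitimate one, which is why a stolen signing key is an incident for the identity provider, not something a relying party can filter out, and why revocation (the fourth outcome) is the decisive step.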