Microsoft Details Root Cause of Major Cyberattack
WASHINGTON: The newly disclosed Chinese hacking of senior US state and commerce department officials resulted from the compromise of a Microsoft engineer’s business account, Microsoft Corp said in a blog post on Wednesday.
Microsoft said the engineer’s account was compromised by a hacking group it calls Storm-0558, which allegedly stole hundreds of thousands of emails from top American officials, including Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and Deputy Secretary of State for East Asia Daniel Kritenbrink.
The blog post addressed some of the unanswered questions about the incident, which drew renewed scrutiny to Microsoft’s data security and led to calls to investigate the company’s practices.
The post specifically explained how the hackers were able to extract the encryption key from the engineer’s account and use it to access email accounts that the key should not have given access to.
Microsoft said it has fixed the flaws that made the key accessible from the unidentified engineer’s account and gave the hackers such wide latitude to steal emails. A Microsoft representative said the engineer’s account had been hit with “token-stealing malware,” but did not elaborate on the incident or its timing.
The Chinese embassy in Washington did not immediately respond to an email. Beijing has previously described the allegation that it stole emails from top US officials as a “baseless story”.