Chinese Cyber Spies Exploit Microsoft’s Cloud


Chinese cyber spies have found and exploited a significant gap in Microsoft’s cloud, leading to a targeted hack on unclassified U.S. email accounts. The security issue was identified last month, shedding light on a concerning vulnerability that the U.S. government reportedly discovered first.


A Breach in the Cloud

According to White House statements, a security hole in Microsoft’s cloud has affected unclassified systems. National Security Council spokesman Adam Hodges confirmed that officials promptly reached out to Microsoft to identify the source and weakness in its cloud service. The U.S. government continues to maintain a high security threshold for its procurement providers.

The number of compromised U.S. email accounts, according to an anonymous source familiar with the situation, is limited. The attack seems targeted, and an FBI investigation is ongoing. The source also reported that the email accounts of the Pentagon, intelligence community, and military remained unaffected.

The Hackers and Their Methods

Microsoft disclosed that it had mitigated an attack primarily targeting Western European government agencies. The attack, allegedly conducted by a China-based threat actor, focused on espionage and data theft. About 25 organizations, including various government agencies, were affected.

The attackers forged authentication tokens, using an acquired Microsoft account consumer signing key, to gain access to user emails. Charlie Bell, Microsoft’s executive vice president of security, confirmed this method in a blog post. Bell added that Microsoft had completed its mitigation of the attack for all customers, and U.S. officials also believe the incident has been contained.

Microsoft’s Security Challenges

This incident is not the first cybersecurity lapse Microsoft, the world’s largest software provider, has experienced. In 2020, Russian hackers exploited Microsoft’s system weaknesses after breaching U.S. government email accounts by compromising software made by Texas company SolarWinds.

Soon after the discovery of the SolarWinds breaches, Chinese hackers exploited a separate flaw in Microsoft Exchange email servers, leading to widespread exploitation. Jason Kikta, Chief Information Security Officer at cybersecurity firm Automox, stated that the recent attack used a stolen key which Microsoft’s design failed to properly validate.

Next Steps and Implications

Following the hack, Microsoft suggested workarounds and emphasized the effectiveness of its Defender security software in preventing attacks. However, the company admitted it had not yet patched the actual flaw.

In the aftermath of the SolarWinds hack, Microsoft President Brad Smith testified that Microsoft’s code had not been vulnerable. Instead, he pointed to configuration errors and poor controls by customers. However, Homeland Security officials argued that basic security tools, like the ability to review logs, were only available at pricier service tiers.

As a result of this latest breach, the U.S. government has tightened cybersecurity rules for vendors of software and hardware it uses. Government officials are investigating whether these rules were breached or whether they need to be adjusted further.


This news article is based on a report by Caroline O’Donovan, Joseph Menn, and Shane Harris, originally published in The Washington Post.

Reza Rafati https://cyberwarzone.com

Reza Rafati, based in the Netherlands, is the founder of Cyberwarzone.com. An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolstering digital defenses and promoting cyber awareness.
