A China-based hacking group intent on conducting espionage breached a series of email accounts linked to government agencies in Western Europe, according to Microsoft Corp.
In a blog post published Tuesday night, Microsoft said the group that it identified as Storm-0558 was able to remain undetected for a month after gaining access to email data from around 25 organizations in mid-May. The software company only discovered the breach following an investigation in mid-June, after being alerted by customer reports about abnormal mail activity.
“We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Charlie Bell, an executive vice president at Microsoft, wrote in another post.
Storm-0558 carried out the attack by forging the authentication tokens needed to access user email accounts, he added. Microsoft has since notified the affected customers and completed the relevant mitigation efforts, the company said.
Microsoft said it’s partnered with the Department of Homeland Security’s cyber defense agency to address the breach and would continue to investigate and monitor the China-based group. The company has added “substantial automated detections” for signs of system compromise to strengthen its defenses.
This is the latest discovery of a China-based threat actor conducting cyberattacks seeking sensitive information. In May, Microsoft said that a Chinese state-sponsored hacking group known as Volt Typhoon had gained access to infrastructure organizations in Guam and elsewhere in the US, with the likely goal of disrupting critical communications.