Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Says Chinese Hackers Compromised Exchange Email Accounts

Microsoft has disclosed that Chinese hackers breached the email accounts of US government employees. The hacking group (tracked as Storm-0558) exploited a flaw in Microsoft’s cloud email service to gain unauthorized access to email systems.

Microsoft found that the threat actors used forged authentication tokens to access affected user accounts through Outlook Web Access in Exchange Online (OWA) and Outlook.com. The hackers first used stolen consumer (MSA) keys to forge tokens and access Outlook.com and OWA. Secondly, they abused a token validation flaw to impersonate Azure AD customers and get unauthorized access to enterprise mail.

Microsoft mitigates attack on Exchange Online

According to the Washington Post, the US government shared the details about the security vulnerability with Microsoft on June 16. Since then, the company has successfully mitigated the flaw for all affected customers. Microsoft confirmed that it had blocked access to compromised email accounts.

“Our telemetry indicates that we have successfully blocked Storm-0558 from accessing customer email using forged authentication tokens. No customer action is required. As with any observed nation-state actor activity, Microsoft has contacted all targeted or compromised organizations directly via their tenant admins and provided them with important information to help them investigate and respond,” the MSRC team explained.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI said in a security advisory that Storm-0558 only managed to access unclassified email data. The hacking group didn’t breach emails connected to the intelligence community, military, and Pentagon.

CISA has not disclosed the overall impact of the security incident. However, federal agencies have urged organizations to report any malicious activities in their Microsoft 365 tenants.

by Rabia Noureen
Jul 13, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

How to Connect to Exchange Online Using PowerShell

Jun 9, 2023
Dec 05, 2023
How to Get Started With Exchange Online Archiving

Jun 16, 2023
Aug 11, 2023
How to Whitelist a Domain in Office 365

Jun 5, 2023
Jul 24, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.