Microsoft has revealed that Chinese hackers have successfully breached the email accounts of approximately 25 organizations, including government agencies. The specific locations of the affected government agencies have not been disclosed by Microsoft.
However, the US Department of Commerce has confirmed that it was informed about the attack by Microsoft. Reports suggest that Secretary of Commerce Gina Raimondo was among those impacted by the breach. The US Department of Commerce took immediate action in response to the compromise of Microsoft's Office 365 system.
In response to the breach, Microsoft has stated that it is actively monitoring its systems and will promptly respond to any further suspicious activity. US media reports have indicated that the State Department was also targeted by the Chinese hackers.
However, the State Department has not yet provided a comment in response to the BBC's request. The Chinese embassy in London has dismissed the accusation as "disinformation" and accused the US government of being the world's biggest hacking empire and global cyber thief.
According to Microsoft, the hacking group known as Storm-0558, based in China, gained access to the email accounts by falsifying digital authentication tokens required by the system. These tokens are typically used for identity verification purposes.
Microsoft has revealed that the hacking group Storm-0558, based in China, primarily targets government agencies in Western Europe. Their activities focus on espionage, data theft, and gaining access to credentials.
The breaches were found to have started in mid-May, but Microsoft claims to have successfully mitigated the attack and has notified the affected customers. The company has implemented enhanced automated detections to identify indicators of compromise associated with this attack. So far, there is no evidence of further unauthorized access.
In a separate incident in May, Microsoft and Western intelligence agencies disclosed that Chinese hackers had deployed stealthy malware to target critical infrastructure at US military bases in Guam.
Security experts have labeled the cyber espionage campaign against the US as one of the largest on record. The significance of Guam's ports and air bases in the event of a conflict in Asia makes them a prime target.
China has dismissed the Microsoft report as "highly unprofessional" and denounced it as "disinformation." Despite substantial evidence and context, China consistently denies any involvement in hacking activities.