Chinese hackers forged authentication tokens to breach government emails (Security News, July 2023)

Sophisticated hackers have accessed the email accounts of organizations and government agencies using authentication tokens they forged with an acquired Microsoft account (MSA) consumer signing key, Microsoft revealed on Tuesday (July 11, 2023).
Microsoft's advisory states: "The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558. We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection."
Microsoft began investigating the anomalous mail activity on June 16, 2023, after customers reported it; the investigation found that the forged tokens had been in use since May 15, 2023 against roughly 25 organizations.
On the scope of the key's misuse, Microsoft wrote: "We have no indications that Azure AD keys or any other MSA keys were used by this actor. OWA and Outlook.com are the only services where we have observed the actor using tokens forged with the acquired MSA key."
Microsoft says customers do not need to take any action: it has replaced the affected signing key, blocked the use of tokens signed with the acquired MSA key, and contacted the targeted organizations directly.
Microsoft also disclosed on Tuesday that attackers have been abusing its Windows Hardware Developer Program to get malicious drivers signed, and as part of its July Patch Tuesday released fixes for several zero-days actively exploited in the wild.
News URL
https://www.helpnetsecurity.com/2023/07/12/storm-0558-forged-authentication-tokens/