Microsoft admits unauthorized access to Exchange Online, blames Chinese gang

US Commerce Secretary Gina Raimondo and other State and Commerce Department officials were reportedly among the victims of a China-based group's attack on Microsoft's hosted email services.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory detailing how a Federal Civilian Executive Branch (FCEB) agency was tipped off: it observed MailItemsAccessed events with an unexpected ClientAppID and AppID in Microsoft 365 Audit Logs, and that AppID did not normally access mailbox items in that manner.
The FCEB agency reported the activity to Microsoft, which confirmed threat actors accessed and exfiltrated unclassified Exchange Online Outlook data.
US Department of State spokesperson Matthew Miller said on Wednesday that the department "noted the attribution Microsoft has made" but that the agency would not make a public attribution at this time.
CISA said Microsoft addressed the issue by blocking tokens issued with the acquired key and changing the key.
Microsoft stated it has completed mitigation of this attack for all customers, including implementing automated detections for known indicators of compromise.
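The check that tipped off the FCEB agency can be expressed as a baseline comparison over audit records. The following is an added example, not code from the article, the advisory or Microsoft: it flags MailItemsAccessed events whose (AppId, ClientAppId) pair was never seen reading mail during a baseline period. The JSON-lines export shape, the CreationTime and MailboxOwnerUPN field names, and every sample value are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample records (not real log data). MailItemsAccessed, AppId and
# ClientAppId follow the terms in the advisory; the flat JSON-lines shape, the
# other field names and all values are assumptions for illustration.
SAMPLE_LOG = """\
{"CreationTime":"2023-05-02T08:14:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"alice@example.gov","AppId":"app-outlook-0001","ClientAppId":"app-outlook-0001"}
{"CreationTime":"2023-05-03T09:01:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"bob@example.gov","AppId":"app-outlook-0001","ClientAppId":"app-outlook-0001"}
{"CreationTime":"2023-05-10T17:40:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"alice@example.gov","AppId":"app-mobile-0002","ClientAppId":"app-mobile-0002"}
this line is malformed and must be skipped
{"CreationTime":"2023-06-02T10:00:00","Operation":"Send","MailboxOwnerUPN":"bob@example.gov","AppId":"app-mailer-0003","ClientAppId":"app-mailer-0003"}
{"CreationTime":"2023-06-05T08:30:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"alice@example.gov","AppId":"app-outlook-0001","ClientAppId":"app-outlook-0001"}
{"CreationTime":"2023-06-06T02:11:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"alice@example.gov","AppId":"app-unknown-9999","ClientAppId":"app-unknown-9999"}
{"CreationTime":"2023-06-06T02:13:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"bob@example.gov","AppId":"app-unknown-9999","ClientAppId":"app-unknown-9999"}
"""

def parse_events(text):
    """Yield MailItemsAccessed records from JSON-lines text, skipping bad lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and rec.get("Operation") == "MailItemsAccessed" and rec.get("CreationTime"):
            yield rec

def app_pair(rec):
    # A missing identifier is itself worth surfacing, so keep it as a marker.
    return (rec.get("AppId") or "<none>", rec.get("ClientAppId") or "<none>")

def find_unexpected_app_access(text, baseline_end):
    """Map each (AppId, ClientAppId) pair unseen before baseline_end to its mailbox reads."""
    events = list(parse_events(text))
    # ISO 8601 timestamps in one format and time zone compare correctly as strings.
    baseline = {app_pair(r) for r in events if r["CreationTime"] < baseline_end}
    findings = defaultdict(list)
    for rec in events:
        if rec["CreationTime"] >= baseline_end and app_pair(rec) not in baseline:
            findings[app_pair(rec)].append((rec["CreationTime"], rec.get("MailboxOwnerUPN", "<unknown>")))
    return dict(findings)

if __name__ == "__main__":
    for pair, hits in find_unexpected_app_access(SAMPLE_LOG, "2023-06-01T00:00:00").items():
        print(pair, len(hits), "events; mailboxes:", sorted({m for _, m in hits}))
```

A baseline like this is only as good as its window: an application that was already reading mail before the baseline starts will never be flagged.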