Security News > 2023 > July > Microsoft admits unauthorized access to Exchange Online, blames Chinese gang
US commerce secretary Gina Raimondo and other State and Commerce Department officials were reportedly among the victims of a China-based group's attack on Microsoft's hosted email services.
The US Cybersecurity and Infrastructure Security Agency and the FBI issued a joint advisory detailing how a Federal Civilian Executive Branch (FCEB) agency was tipped off when it observed MailItemsAccessed events with an unexpected ClientAppId and AppId in Microsoft 365 Audit Logs: the AppId did not normally access mailbox items in that manner.
The FCEB agency reported the activity to Microsoft, which confirmed threat actors accessed and exfiltrated unclassified Exchange Online Outlook data.
US Department of State spokesperson Matthew Miller said on Wednesday that the department "noted the attribution Microsoft has made" but that the agency would not make a public attribution at this time.
CISA said Microsoft addressed the issue by blocking tokens issued with the acquired key and changing the key.
Microsoft stated it has completed mitigation of this attack for all customers, including implementing automated detections for known indicators of compromise.
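The check that tipped off the FCEB agency can be sketched as follows. This is an added example, not code from the advisory or from Microsoft: it baselines which AppId/ClientAppId pairs normally produce MailItemsAccessed events for each mailbox and flags any pair not seen before. The records, GUIDs and mailbox names are constructed placeholders, and the field names assume the AuditData JSON of the Microsoft 365 unified audit log.

```python
import json
from collections import defaultdict

# Constructed placeholder values, not real application IDs or indicators.
KNOWN_APP = "00000000-0000-0000-0000-00000000aaaa"
ODD_APP = "00000000-0000-0000-0000-00000000bbbb"

def rec(ts, op, mailbox, app_id, client_app_id):
    """Build one constructed audit record as a JSON line."""
    return json.dumps({"CreationTime": ts, "Operation": op, "MailboxOwnerUPN": mailbox,
                       "AppId": app_id, "ClientAppId": client_app_id})

BASELINE = [  # constructed: earlier period of normal activity
    rec("2023-05-02T09:00:00", "MailItemsAccessed", "alice@example.test", KNOWN_APP, KNOWN_APP),
    rec("2023-05-03T10:30:00", "MailItemsAccessed", "bob@example.test", KNOWN_APP, KNOWN_APP),
]
REVIEW = [  # constructed: period under review
    rec("2023-06-15T03:10:00", "MailItemsAccessed", "alice@example.test", KNOWN_APP, KNOWN_APP),
    rec("2023-06-15T03:12:00", "MailItemsAccessed", "alice@example.test", ODD_APP, ODD_APP),
    rec("2023-06-15T03:13:00", "Send", "bob@example.test", ODD_APP, ODD_APP),
    "not json",  # malformed export line
    rec("2023-06-15T08:00:00", "MailItemsAccessed", "Bob@Example.test", KNOWN_APP, KNOWN_APP),
]

def mail_access(lines):
    """Yield parsed MailItemsAccessed records; skip malformed lines and other operations."""
    for line in lines:
        try:
            r = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(r, dict) and r.get("Operation") == "MailItemsAccessed":
            yield r

def build_baseline(lines):
    """Map each mailbox (lower-cased) to the (AppId, ClientAppId) pairs seen reading it."""
    seen = defaultdict(set)
    for r in mail_access(lines):
        seen[r.get("MailboxOwnerUPN", "").lower()].add((r.get("AppId"), r.get("ClientAppId")))
    return seen

def unexpected_access(baseline, lines):
    """Return (time, mailbox, AppId, ClientAppId) for pairs absent from the mailbox baseline."""
    hits = []
    for r in mail_access(lines):
        mbx = r.get("MailboxOwnerUPN", "").lower()
        pair = (r.get("AppId"), r.get("ClientAppId"))
        if pair not in baseline.get(mbx, set()):
            hits.append((r.get("CreationTime"), mbx, pair[0], pair[1]))
    return hits

if __name__ == "__main__":
    for hit in unexpected_access(build_baseline(BASELINE), REVIEW):
        print(hit)
```

A mailbox with no baseline entries has every access flagged, so the baseline window needs to be long enough to cover legitimate but infrequent clients.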