Microsoft breach led to theft of 60,000 US State Dept emails

Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May. During a recent Senate staff briefing, U.S. State Department officials disclosed that the attackers stole at least 60,000 emails from Outlook accounts belonging to State Department officials stationed in East Asia, the Pacific, and Europe, as Reuters first reported.
Microsoft did not disclose specific details regarding the affected organizations, government agencies, or countries impacted by this email breach.
"Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service. We continue to hold the procurement providers of the US Government to a high security threshold."
Earlier this month, Microsoft disclosed that the threat group first obtained a consumer signing key from a Windows crash dump after compromising the corporate account of a Microsoft engineer, and that this enabled access to the government email accounts.
Under pressure from the Cybersecurity and Infrastructure Security Agency, Microsoft has also agreed to broaden access to cloud logging data at no cost, which would help network defenders identify potential breach attempts of a similar nature in the future.
US cyber safety board to analyze Microsoft Exchange hack of govt emails.