As part of a suspected cyber espionage effort, hackers linked to China used weaknesses in Microsoft software to infiltrate the email networks of over two dozen businesses, including several US government institutions.
According to the Wall Street Journal, the hackers, known as “Storm-0558,” gained access to key computer networks by exploiting a security flaw in Microsoft's cloud computing infrastructure. This finding is extremely troubling for authorities and security specialists since it is thought to be part of a bigger espionage program that might have exposed sensitive US government material.
“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” said Adam Hodge, White House National Security Council Spokesman. He added, “We continue to hold the procurement providers of the U.S. government to a high security threshold.”
The exact scope and gravity of the event, as well as the specific institutions and persons involved, are unknown. The event has heightened senior Western intelligence officials' fears about Chinese hackers' capacity to coordinate covert strikes that can go undetected for years.
China, on the other hand, has repeatedly denied hacking into US companies and has accused the US and its allies of targeting Chinese networks. Requests for comment on the event were not returned by the Chinese embassy in Washington.
Microsoft has admitted that the hackers exploited a security flaw in its cloud computing infrastructure. “The hackers broke into email accounts at about 25 organizations and hit consumer accounts that were likely linked to these entities,” Microsoft said in a statement. The company has since mitigated the security weakness and is working with the impacted customers.
“We have been working with the impacted customers and notifying them prior to going public with further details,” Microsoft stated.