
Microsoft repelled Chinese spies targeting Western European Governments

PureVPN

On Tuesday, Microsoft announced that it successfully fended off a cyber assault launched by a Chinese state-sponsored actor aimed at around two dozen organizations, including government agencies. The attack was part of a cyber espionage campaign to obtain confidential information.

According to the report: “Microsoft has mitigated an attack by a China-based threat actor Microsoft tracks as Storm-0558 which targeted customer emails. Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access.”

When did the attack begin?

The offensive, which began on May 15, 2023, involved unauthorized access to email accounts, impacting approximately 25 entities and a small number of individual consumer accounts.

Microsoft attributed the operation to a China-based nation-state group known as Storm-0558. The group predominantly targets government agencies in Western Europe and focuses on espionage, data theft, and obtaining credentials. It uses custom malware, which Microsoft has named Cigril and Bling, to gain access to credentials.

The breach was discovered a month later, on June 16, 2023, after an unidentified customer reported suspicious email activity to Microsoft.

Did Microsoft act responsibly?

Microsoft promptly notified affected organizations and agencies through their administrators. However, Microsoft did not disclose the specific entities or the number of compromised accounts.

There is no evidence that the threat actor used Azure AD keys or any other MSA keys during the attacks. To mitigate the attack, Microsoft has blocked the use of tokens signed with the acquired MSA key in OWA.

Microsoft Security’s Executive Vice President Charlie Bell emphasized that “this espionage-driven adversary seeks to exploit credentials and gain unauthorized access to sensitive systems.”

Concluding remarks

This incident highlights the persistent threat of nation-state attackers, who are ready to exploit sensitive information. Cybersecurity has become a challenge in this growing digital environment, and we must stay informed about what is happening.
