Microsoft has mitigated an attack by a China-based threat actor that targeted customer emails. The threat actor, which Microsoft tracks as Storm-0558, primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access.
The attack began on May 15, 2023, and affected approximately 25 organizations, including government agencies as well as related consumer accounts of individuals likely associated with these organizations. The attackers gained access to email accounts by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key.
As with any observed nation-state actor activity, Microsoft has contacted all targeted or compromised organizations directly via their tenant admins and provided them with important information to help them investigate and respond.
Microsoft is partnering with DHS CISA and others to protect affected customers and address the issue.
Bijay Pokharel
Related posts
Recent Posts
Subscribe
Cybersecurity Newsletter
You have Successfully Subscribed!
Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox. You are also consenting to our Privacy Policy and Terms of Use.