In mid-May, we and the security community reported on a noteworthy hacking campaign, orchestrated by Chinese hackers who successfully infiltrated several US government email accounts, including those belonging to federal agencies like the State Department and the Department of Commerce. Although the scale of the breach campaign was relatively small, its impact on unclassified systems raised concerns due to the targeted nature of the attacks, aimed at high-level individuals for espionage purposes.
See our original report of the incident:
A crucial role in identifying the Chinese hackers behind the breach was played by Microsoft’s threat research team. They managed to trace the origin of the attack and discern the specific information sought by the hackers. Interestingly, the attackers strategically employed forged authentication tokens to gain unauthorized access to high-level government email accounts across various agencies.
Predictably, China vehemently denied these accusations and instead accused the US government of engaging in aggressive hacking campaigns. Such a tit-for-tat response is not uncommon in the realm of cyber warfare, as both nations seek to gain advantages through their hacking capabilities.
Microsoft described the hackers’ modus operandi as “surgical,” signifying their method of precisely targeting specific individuals for espionage purposes. The attackers used a stolen Microsoft account (MSA) consumer signing key to forge authentication tokens for the government email accounts of interest. This allowed them to access mailboxes via Outlook Web Access (OWA) and Outlook.com. Fortunately, Microsoft acted swiftly, blocking the forged tokens and replacing the MSA key to neutralize further attacker activity.
Due to their sophisticated tactics, China is now regarded as the most technically advanced cyber adversary by US officials. This incident serves as a stark reminder of the ongoing cybersecurity challenges faced by governments and organizations worldwide, highlighting the importance of vigilance and continuous efforts to enhance cybersecurity measures.
This article is largely based on the original article that first appeared on CentralEyes.
Read the original post at: https://www.centraleyes.com/made-in-china-hack-infiltrates-the-us-government/