China-based hacking incident reaches beyond Microsoft emails, CISA reveals

In June, the Cybersecurity and Infrastructure Security Agency (CISA) discovered a China-based hacking incident had occurred. Now, we are learning that more than just emails may have been breached. 

 

What happened

In a joint announcement released by the CISA and FBI on July 12th, officials reported that Microsoft had been breached, resulting in threat actors accessing and exfiltrating unclassified Exchange Online Outlook data. 

The release also provided guidance to enhance the monitoring of Microsoft online environments to help detect and prevent malicious activity. 

According to an NBC News report, approximately 25 organizations were part of the attack, including the State Department and Commerce Department.

The incident was linked to China, although it is not publicly known whether the hacker group is associated with China's government. The hacks reportedly began May 15th and went undetected until June 16th, when steps were immediately taken to secure the victims' email accounts.

 

What's new

Initially, it was believed that only email accounts had been accessed, but according to a recent report by the Washington Post, it's possible that the same technique used to infiltrate Microsoft Outlook could have extended access to other parts of the Microsoft cloud, including SharePoint, Teams, and OneDrive.

The hacking group was able to use a stolen or forged Microsoft signing key that authenticates customers, which could allow the hacker to approve access to various employee inboxes. While the key can no longer be used in new attacks, it's possible that the attackers created backdoor entries or exposed other files.

As of now, the CISA and FBI believe that only emails were accessed and no classified information was taken. 

 

What was said

The investigation is still ongoing, and according to former National Security Agency analyst Jake Williams, the attack will be a "nightmare scenario for those assessing impact."

An anonymous CISA official said the attack appears to have been a "very targeted, surgical campaign." According to NBC, it's rare for Chinese hackers to disrupt operations, and hacking is more likely for spying purposes.

Matthew Miller, a State Department Spokesperson, said that further details of the case would not be disclosed, stating, "The incident remains under investigation. And we continuously monitor our networks and update our security procedures." 

According to Senator Mark Warner (D-VA), cyber capabilities against the U.S. continue to improve, and "close coordination between the U.S. government and the private sector will be critical to countering this threat." 

 

The bottom line

While the investigation is still ongoing, it appears that Microsoft Outlook is now secure again. Immediately after the attack, China's commerce minister, Wang Wentao, met with U.S. Commerce Secretary Gina Raimondo and trade representative Katherine Tai. Secretary of State Antony Blinken has also met with Chinese President Xi Jinping. 

In the coming months, we should learn more about additional security measures Microsoft intends to take and if any additional files were breached in the incident. 
