Thursday, July 13, 2023

Think Tanks Targeted in Latest Chinese Hack

Here is more from the Washington Post:

Chinese cyberspies, exploiting a fundamental gap in Microsoft’s cloud, hacked email accounts at the Commerce and State departments, including that of Commerce Secretary Gina Raimondo — whose agency has imposed stiff export controls on Chinese technologies that Beijing has denounced as a malicious attempt to suppress its companies.

The Microsoft vulnerability was discovered last month by the State Department. Also targeted were the email accounts of a congressional staffer, a U.S. human rights advocate and U.S. think tanks, officials and security professionals said. State and Commerce were the only two executive branch agencies known to be breached, officials said.

The Redmond, Wash.-based tech giant said the hackers, whom the firm calls Storm-0558, gained access on May 15. They did this by using forged authentication tokens to access user email using “an acquired Microsoft account consumer signing key,” according to a blog written by Charlie Bell, Microsoft’s executive vice president of security.


This is one of numerous attempts by Chinese hackers to access internal think tank information.