Start your day with intelligence. Get The OODA Daily Pulse.
Microsoft has reported that a Chinese cyberespionage group, known as Storm-0558, used forged authentication tokens to hack government email accounts. The hackers gained access to approximately 25 organizations, including government agencies and consumer accounts associated with the targeted entities. The threat actor exploited a token validation issue in Outlook Web Access and Outlook.com, using a Microsoft account consumer signing key to forge the tokens. Only OWA and Outlook.com were targeted.
Microsoft took steps to mitigate the attack, and impacted customers have been notified. The Storm-0558 group primarily targets government agencies in Western Europe for cyberespionage and data theft. In a separate incident, a Russian threat actor known as Storm-0978 and RomCom exploited a zero-day vulnerability to target defense and government entities in Europe and North America.