Microsoft, one of the world’s leading technology companies, unveiled on Wednesday an alarming revelation about a cyberespionage campaign reportedly orchestrated by Chinese state-affiliated hackers. The operation successfully infiltrated the email accounts of approximately 25 entities, including government bodies. Details about the specific entities targeted have not been made public by Microsoft. However, once informed of the breach, the US government promptly established communication with the tech giant.
In a statement, Adam Hodge, the spokesperson for the National Security Council, confirmed that the compromised systems were part of Microsoft’s cloud security infrastructure. Importantly, these infiltrated systems were classified as “unclassified.”
He further revealed:
“An intrusion in Microsoft’s cloud security has affected unclassified systems.” He added, “Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service.”
National Security Adviser Jake Sullivan, appearing on ABC’s “Good Morning America,” noted the prompt detection of the breach, and the subsequent prevention of further intrusions. He stated:
“We detected it fairly rapidly and we were able to prevent further breaches. The matter is still being investigated so I have to leave it there.”
Notably, email accounts associated with the Pentagon, the intelligence community, and the military reportedly remained unaffected.
Microsoft identified hacking group Storm-0558, who used counterfeit tokens to access Outlook webmail accounts. They’re assisting affected organizations, investigating the breach, and taking measures to prevent future incidents. How Microsoft and the US government respond to this cyberespionage will be closely watched.