
Digital safety starts here for both commercial and personal use.

Defend Your Business Against the Latest WNY Cyber Threats. We offer safe, secure and affordable solutions for your business and personal networks and devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do not charge or collect any fees.

Chinese Threat Actors Stole Around 60,000 Emails from US State Department in Microsoft Breach

Cyber Security Threat Summary:
China-linked hackers breached Microsoft's email platform in May and stole tens of thousands of emails from U.S. State Department accounts, according to a Senate staffer. During a briefing by State Department IT officials, it was revealed that threat actors targeted around 60,000 emails from a total of 10 State Department accounts belonging to officials working in East Asia, the Pacific, and Europe.

The compromised accounts primarily focused on Indo-Pacific diplomacy. Although the stolen emails were unclassified, the breach raised concerns about cybersecurity. Microsoft had previously mitigated an attack by a China-linked threat actor known as Storm-0558, which targeted customer emails, including government agencies in Western Europe. The attackers exploited a token validation issue and forged authentication tokens to gain access to email accounts. Microsoft's investigation revealed that the threat actors had stolen a signing key from a Windows crash dump in April 2021, which contributed to the breach.

Security Officer Comments:
Microsoft researchers discovered that the threat actors gained access to customer email accounts in Outlook Web Access in Exchange Online (OWA) and Outlook[.]com by forging authentication tokens with an acquired MSA (Microsoft account consumer) signing key. Because of a token validation issue, tokens signed with that consumer key were also accepted for Azure AD users, which let the attackers impersonate enterprise users and reach enterprise mail. In early September, Microsoft shared a comprehensive technical investigation into how the attackers obtained the Microsoft account consumer signing key.

Suggested Correction(s):
The IT giant announced it had revoked all previously valid MSA signing keys so that neither the acquired key nor any other potentially compromised key could be used by the attackers. Below are the improvements implemented after the investigation:

  • Identified and resolved a race condition that allowed the signing key to be present in crash dumps.
  • Enhanced prevention, detection, and response for key material erroneously included in crash dumps.
  • Enhanced credential scanning to better detect presence of signing key in the debugging environment.
  • Released enhanced libraries to automate key scope validation in authentication libraries, and clarified related documentation.
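The fourth item, key scope validation, is the control that addresses the token validation issue described in the comments above: a signature that verifies under a registered key is not enough, the key must also be one that is allowed to sign for the token's issuer. The following is an added example, not Microsoft's code or the code of any of its libraries. It uses a constructed key registry, constructed issuer and audience strings, and HS256 (HMAC) in place of the RSA keys real identity providers use, so that it runs with the Python standard library alone. The flawed verifier accepts a token minted with the consumer key but carrying enterprise claims; the scoped verifier rejects it while still accepting the legitimate enterprise token.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key registry (not Microsoft's). Each signing key id (kid) is scoped to
# the issuer(s) it may sign for: the consumer key only for consumer (MSA) tokens, the
# enterprise key only for tokens of the constructed Azure AD tenant.
KEY_REGISTRY = {
    "consumer-key-1": {
        "secret": b"constructed-consumer-signing-secret",
        "issuers": {"https://login.live.com/"},
    },
    "enterprise-key-1": {
        "secret": b"constructed-enterprise-signing-secret",
        "issuers": {"https://login.microsoftonline.com/contoso.example/"},
    },
}
MAIL_AUDIENCE = "https://outlook.office.com"  # constructed audience value


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(kid: str, claims: dict) -> str:
    """Mint a compact JWT signed with HS256 under the registry key named by kid."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(KEY_REGISTRY[kid]["secret"], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _parse(token: str):
    h, p, s = token.split(".")
    return json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p)), h + "." + p, _b64url_decode(s)


def _signature_ok(header: dict, signing_input: str, sig: bytes) -> bool:
    # Only HS256 under a registered kid is accepted, so "alg": "none" cannot bypass the check.
    key = KEY_REGISTRY.get(header.get("kid"))
    if key is None or header.get("alg") != "HS256":
        return False
    expected = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def _claims_ok(claims: dict, expected_issuer: str, expected_audience: str, now: float) -> bool:
    return (claims.get("iss") == expected_issuer
            and claims.get("aud") == expected_audience
            and claims.get("exp", 0) > now)


def verify_token_unscoped(token, expected_issuer, expected_audience, now=None):
    """Flawed verifier: any registry key that validates the signature is trusted, no matter
    which issuer that key was meant for. A token signed with the consumer key but carrying
    enterprise claims therefore passes."""
    now = time.time() if now is None else now
    header, claims, signing_input, sig = _parse(token)
    if not _signature_ok(header, signing_input, sig):
        return None
    return claims if _claims_ok(claims, expected_issuer, expected_audience, now) else None


def verify_token_scoped(token, expected_issuer, expected_audience, now=None):
    """Hardened verifier: the key named by kid must also be scoped to the token's issuer."""
    now = time.time() if now is None else now
    header, claims, signing_input, sig = _parse(token)
    if not _signature_ok(header, signing_input, sig):
        return None
    if claims.get("iss") not in KEY_REGISTRY[header["kid"]]["issuers"]:
        return None  # valid signature, but the wrong key for this issuer: reject
    return claims if _claims_ok(claims, expected_issuer, expected_audience, now) else None


def demo(now: float = 1_700_000_000.0) -> dict:
    """Fixed clock for deterministic results; reports which verifier accepted which token."""
    enterprise_iss = "https://login.microsoftonline.com/contoso.example/"
    claims = {"iss": enterprise_iss, "aud": MAIL_AUDIENCE,
              "upn": "user@contoso.example", "exp": now + 3600}
    # Token minted with the consumer key but carrying enterprise claims (the incident pattern).
    forged = sign_token("consumer-key-1", claims)
    legit = sign_token("enterprise-key-1", claims)
    return {
        "forged_accepted_by_unscoped": verify_token_unscoped(forged, enterprise_iss, MAIL_AUDIENCE, now) is not None,
        "forged_accepted_by_scoped": verify_token_scoped(forged, enterprise_iss, MAIL_AUDIENCE, now) is not None,
        "legit_accepted_by_scoped": verify_token_scoped(legit, enterprise_iss, MAIL_AUDIENCE, now) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The scope check is deliberately a separate step from the signature check so it cannot be lost when a library swaps signature back ends; in a real deployment the registry would be the issuer's published JWKS metadata, with scope derived from which endpoint each key was fetched from.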
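The second and third items, detecting key material that has leaked into crash dumps and the debugging environment, can be approached with a scanner that knows the fingerprint of the keys it protects. The block below is an added example and not Microsoft's tooling. It scans a constructed stand-in for a crash dump for PEM private-key markers and for the raw, base64, base64url and hex encodings of a set of known signing secrets, then zeroes every hit so the artifact can be handed to a debugging environment. All key material and the dump contents are constructed for the example.

```python
import base64
import re

# PEM marker for private keys of the common types (RSA, EC, PKCS#8).
PEM_PATTERN = re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----")

CONSTRUCTED_SECRET = b"constructed-msa-signing-key-material-0001"  # not a real key
KNOWN_SECRETS = {"consumer-key-1": CONSTRUCTED_SECRET}


def encodings_of(secret: bytes) -> dict:
    """Forms in which a secret is likely to appear in process memory or logs."""
    return {
        "raw": secret,
        "base64": base64.b64encode(secret),
        "base64url": base64.urlsafe_b64encode(secret).rstrip(b"="),
        "hex": secret.hex().encode(),
    }


def scan_dump(dump: bytes, known_secrets: dict) -> list:
    """Return findings (kind, offset, length, key_id) sorted by offset."""
    findings = []
    for m in PEM_PATTERN.finditer(dump):
        findings.append({"kind": "pem_private_key", "offset": m.start(),
                         "length": m.end() - m.start(), "key_id": None})
    for kid, secret in known_secrets.items():
        for enc_name, needle in encodings_of(secret).items():
            start = 0
            while (idx := dump.find(needle, start)) != -1:
                findings.append({"kind": "known_key_" + enc_name, "offset": idx,
                                 "length": len(needle), "key_id": kid})
                start = idx + 1
    return sorted(findings, key=lambda f: f["offset"])


def redact_dump(dump: bytes, findings: list) -> bytes:
    """Overwrite every finding with zero bytes so the dump no longer carries the material."""
    buf = bytearray(dump)
    for f in findings:
        buf[f["offset"]:f["offset"] + f["length"]] = b"\x00" * f["length"]
    return bytes(buf)


def build_sample_dump() -> bytes:
    """Constructed stand-in for a crash dump: filler with a leaked key in two forms."""
    filler = bytes(range(256)) * 4
    leaked_b64 = base64.b64encode(CONSTRUCTED_SECRET)
    leaked_pem = b"-----BEGIN RSA PRIVATE KEY-----\nconstructed-placeholder-body\n-----END RSA PRIVATE KEY-----\n"
    return filler + leaked_b64 + filler + leaked_pem + filler


def demo() -> dict:
    dump = build_sample_dump()
    findings = scan_dump(dump, KNOWN_SECRETS)
    clean = redact_dump(dump, findings)
    return {
        "kinds": sorted({f["kind"] for f in findings}),
        "key_ids": sorted({f["key_id"] for f in findings if f["key_id"]}),
        "findings_after_redaction": len(scan_dump(clean, KNOWN_SECRETS)),
        "size_unchanged": len(clean) == len(dump),
    }


if __name__ == "__main__":
    print(demo())
```

Searching for known secrets rather than generic high-entropy strings keeps false positives low and ties each finding to a key id, which is what a revocation decision needs; the PEM check catches keys the registry does not yet know about. The redaction keeps offsets intact so the dump remains usable for debugging.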

Link(s):
https://securityaffairs.com/151685/hacking/u-s-state-department-stolen-emails.html