Chinese Spies Hack Master Keys to Microsoft’s Cloud

Written by

Geoff Halstead

Published on

February 3, 2024

Reading time

1 min.

Put this in the category of “If it’s in the Cloud, it will be compromised”

On July 12, word spread across the cybersecurity about an audacious and deep penetration of Microsoft’s Cloud Security defenses. The point here is not to call out Microsoft – who have top notch security processes and teams. The point is simply that anything in the Cloud can and will be compromised so long as the keys to access it are kept there.

Wired Magazine:

FOR MOST IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.

Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.

Those targets encompass US government agencies including the State Department, according to CNN, though US officials are still working to determine the full scope and fallout of the breaches. An advisory from the US Cybersecurity and Infrastructure Security Agency says the breach, which was detected in mid-June by a US government agency, stole unclassified email data “from a small number of accounts.”

Read the Article on Wired:

Related posts

AT&T Admits that Data of “Nearly All” Customers Was Breached in 2022

Reading Time: 2 min.

The New York Times reported today that AT&T disclosed a significant data breach affecting nearly all of its customers. The…

Read more

NSA Report Details the Extent and Effectiveness of PRC Exploitation of the Internet

Reading Time: 2 min.

The NSA release this week a comprehensive report with explicit details of the extent of the activity and ‘Tradecraft” of…

Read more

Chrome Browser Revealed to Secretly Spy on PCs

Reading Time: 1 min.

Luca Casonato 🏳️‍🌈 on Twitter / X Developer Luca Casonato posted a series of tweets on July 9. He revealed…

Read more

Chinese Spies Hack Master Keys to Microsoft’s Cloud

Put this in the category of “If it’s in the Cloud, it will be compromised” On July 12, word spread across the cybersecurity about an audacious and deep penetration of Microsoft’s Cloud Security defenses. The point here is not to call out Microsoft – who have top notch security processes…

Reading Time: 1 min.

Put this in the category of “If it’s in the Cloud, it will be compromised”

On July 12, word spread across the cybersecurity about an audacious and deep penetration of Microsoft’s Cloud Security defenses. The point here is not to call out Microsoft – who have top notch security processes and teams. The point is simply that anything in the Cloud can and will be compromised so long as the keys to access it are kept there.

Wired Magazine:

FOR MOST IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.

Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.

Those targets encompass US government agencies including the State Department, according to CNN, though US officials are still working to determine the full scope and fallout of the breaches. An advisory from the US Cybersecurity and Infrastructure Security Agency says the breach, which was detected in mid-June by a US government agency, stole unclassified email data “from a small number of accounts.”

Read the Article on Wired:

If you liked this post, Share it on: