
Chinese hack of Microsoft engineer led to breach of US officials' emails, company says

  • Chinese hackers stole data from a Microsoft engineer, enabling them to access emails of US officials.

  • The hacking gave China insights into US thinking ahead of a trip to China by Secretary of State Blinken.

  • Email accounts breached included the US Ambassador to China and the Commerce Secretary.

  • A Republican Congressman said his account was also hacked.

  • Microsoft has corrected issues that allowed the hackers to obtain the data, as part of efforts to improve security.

cnn.com
Relevant topic timeline:
Main topic: Russian state-sponsored hackers posing as technical support staff on Microsoft Teams to compromise global organizations, including government agencies.

Key points:

  1. The hacking campaign was carried out by a Russian state-sponsored group known as APT29 or Cozy Bear.
  2. The group is linked to the SolarWinds attack in 2020 and is part of Russia's Foreign Intelligence Service.
  3. The hackers used previously compromised Microsoft 365 accounts to create new technical support-themed domains.
  4. They sent Microsoft Teams messages to manipulate users into granting approval for multi-factor authentication prompts.
  5. By gaining access to user accounts, the hackers aimed to exfiltrate sensitive information.
  6. Fewer than 40 unique global organizations were targeted or breached, including government agencies, non-government organizations, and various sectors.
  7. Microsoft has mitigated the use of the domains and continues to investigate the activity.
  8. The campaign follows a recent incident where Chinese hackers exploited a flaw in Microsoft's cloud email service.

Chinese hackers targeted government and government-linked organizations worldwide, exploiting a zero-day vulnerability in Barracuda Email Security Gateway (ESG), with a particular focus on entities in the Americas, according to a report by Mandiant. Almost one-third of the hacked appliances belonged to government agencies, and the attacks were motivated by espionage, with a threat actor known as UNC4841 exfiltrating data from high-profile users in government and high-tech industries. Despite patches, the FBI warns that compromised devices are still being targeted, and advises customers to replace hacked appliances and investigate potential breaches.
The University of Minnesota confirmed a data breach in which a hacker gained unauthorized access to sensitive information of applicants, students, and employees, including Social Security numbers and passport information, dating back to 1989.