Microsoft has warned China-based hackers have successfully infiltrated the email accounts of around 25 organisations including government agencies.
The targeted government agencies have not been disclosed by the software giant bur the US Department of Commerce confirmed that Microsoft alerted them about the attack.
Reports suggest that Secretary of Commerce Gina Raimondo was among those affected by the breach.
A spokesperson from the US Department of Commerce stated: “Microsoft notified the Department of a compromise to Microsoft’s Office 365 system, and the Department took immediate action to respond.
“We are monitoring our systems and will respond promptly should any further activity be detected.”
US media outlets reported the State Department was also a target of the hackers.
In response to the allegations, China’s embassy in London dismissed them as “disinformation” and labelled the US government as “the world’s biggest hacking empire and global cyber thief”.
Microsoft identified the hacking group behind the attack as Storm-0558, which it stated primarily focuses on government agencies in Western Europe and engages in espionage, data theft, and credential access.
The hackers gained access to email accounts by forging digital authentication tokens, typically used to verify individuals’ identities.
An investigation conducted by Microsoft revealed the breaches began in mid-May.
The company stated that it has successfully mitigated the attack and has reached out to the affected customers.
It added it has implemented enhanced automated detections for known indicators of compromise associated with this specific attack and has found no evidence of further unauthorized access.
In May, Microsoft – along with Western intelligence agencies – accused Chinese hackers of using malware to target infrastructure on US military bases in Guam.
Experts said the cyber espionage campaign was one of the largest ever recorded against the US.
Beijing criticised the Microsoft report, saying it was “highly unprofessional” and dismissing it as “disinformation”.
China routinely denies involvement in hacking activities, irrespective of the evidence.
