In the News: Chinese Cyberespionage Group Compromises U.S. and European Gov Emails, Threat Mitigated
China’s Storm-0558 compromised 25 email accounts belonging to government officials by forging authentication tokens.
  • Microsoft disclosed that Chinese threat actors hacked the emails of over two dozen government officials and related consumer accounts across the U.S. and Western Europe.
  • Chinese cyberespionage group Storm-0558 is behind the hack.
  • Senior officials from the FBI and CISA confirmed that compromised systems were unclassified and that the number of impacted U.S. organizations was in the single digits.

This week, Microsoft disclosed that Chinese threat actors hacked the emails of over two dozen government officials and related consumer accounts across the U.S. and Western Europe. The threat group, tracked as Storm-0558 by Microsoft, exploited a recently discovered vulnerability in Exchange Online Outlook, Microsoft’s cloud email service.

Microsoft’s disclosure came almost a month after a Federal Civilian Executive Branch (FCEB) agency identified suspicious activity on June 15, 2023, and reported it to the company and to the Cybersecurity and Infrastructure Security Agency (CISA). The hackers had accessed and exfiltrated unclassified Exchange Online Outlook data from the agency’s Microsoft 365 (M365) cloud environment.

The Redmond-based IT giant said it mitigated the attack, in which Storm-0558 compromised 25 email accounts by forging authentication tokens and using them against Outlook Web Access (OWA) in Exchange Online and Outlook.com, starting May 15, 2023.

“Unfortunately, there is no simple patch at the moment for CVE-2023-36844,” Ashley Leonard, founder & CEO at Syxsense, told Spiceworks. Microsoft is expected to roll out an out-of-band patch before August Patch Tuesday.

Until then, admins can deploy a countermeasure to remediate the vulnerability: “to block all Office applications from creating child processes and update registry keys to avoid exploitation. For those utilizing unified security and endpoint management solutions, you should be able to utilize a workflow countermeasure immediately to accomplish this.”

“However, it’s still important to note that updating registry settings could affect regular functionality for certain use cases related to these applications. And Microsoft also recommends turning on cloud-delivered protection in Microsoft Defender Antivirus, as Microsoft Defender can help protect organizations against this zero-day.”
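The countermeasure quoted above (block Office applications from creating child processes, then turn on cloud-delivered protection in Microsoft Defender Antivirus) maps directly onto the Defender PowerShell module. The script below is an added example written for this page; it is not code from Microsoft, Syxsense or the article. It assumes an elevated PowerShell session on a host where Defender Antivirus is active and the `Get-MpPreference`/`Add-MpPreference`/`Set-MpPreference` cmdlets are available, and it uses the rule ID Microsoft documents for the "Block all Office applications from creating child processes" attack surface reduction (ASR) rule. The quote does not say which registry keys to update, so that step is deliberately left out rather than guessed. Because the quote warns that the change can break legitimate workflows, the script defaults to audit mode and reads the configuration back so the change can be verified before enforcing it.

```powershell
# Added example (not from the article, Microsoft or Syxsense): apply and verify the
# quoted countermeasures with the Microsoft Defender Antivirus PowerShell cmdlets.
# Run from an elevated PowerShell session on a host with Defender Antivirus active.

# ASR rule "Block all Office applications from creating child processes".
# This is the rule ID Microsoft assigns to that rule in its ASR documentation.
$OfficeChildProcRule = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'

function Set-OfficeChildProcessCountermeasure {
    param(
        # Start in AuditMode to see what would be blocked; switch to Enabled to enforce.
        [ValidateSet('Enabled', 'AuditMode')]
        [string]$Mode = 'AuditMode'
    )

    # Add-MpPreference appends to the existing rule list instead of replacing it,
    # so other ASR rules already configured on the host are preserved.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $OfficeChildProcRule `
                     -AttackSurfaceReductionRules_Actions $Mode

    # Cloud-delivered protection: join MAPS (advanced) and allow safe sample submission.
    Set-MpPreference -MAPSReporting Advanced
    Set-MpPreference -SubmitSamplesConsent SendSafeSamples
}

function Get-OfficeChildProcessCountermeasureState {
    # Returns an object with the current state so it can be logged or compared
    # across hosts. ASR action values are numeric: 0 = Disabled, 1 = Block, 2 = Audit.
    $pref = Get-MpPreference
    $ids  = @($pref.AttackSurfaceReductionRules_Ids)
    $idx  = -1
    for ($i = 0; $i -lt $ids.Count; $i++) {
        # Rule IDs are GUIDs; compare case-insensitively.
        if ($ids[$i] -ieq $OfficeChildProcRule) { $idx = $i; break }
    }

    [pscustomobject]@{
        AsrRulePresent   = ($idx -ge 0)
        AsrRuleAction    = if ($idx -ge 0) { @($pref.AttackSurfaceReductionRules_Actions)[$idx] } else { $null }
        MAPSReporting    = $pref.MAPSReporting
        SampleSubmission = $pref.SubmitSamplesConsent
    }
}

# Apply in audit mode first, then read the configuration back to confirm it took effect.
Set-OfficeChildProcessCountermeasure -Mode AuditMode
Get-OfficeChildProcessCountermeasureState | Format-List
```

Run the script once in audit mode, review the ASR audit events in the Defender operational event log for any legitimate Office workflows that would have been blocked, and only then re-run it with `-Mode Enabled`. In a managed fleet the same two settings are normally pushed through Intune or Group Policy rather than per host, but the state check above is still useful for confirming that the policy actually landed.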