Chinese hackers broke into a Microsoft engineer’s corporate account, leading to the unauthorized access of email accounts belonging to senior U.S. officials, casting a shadow over the tech giant’s cybersecurity measures. The hack occurred in June, but the company just completed an internal investigation that pointed the finger at its own sloppy security practices.
Bloomberg reports that Microsoft has disclosed that China-linked hackers compromised the corporate account of one of its engineers, then used this unauthorized access to steal a digital key in order to forge authentication tokens. These tokens granted them access to email accounts on Microsoft’s cloud servers, including those belonging to Commerce Secretary Gina Raimondo, Representative Don Bacon, and State Department officials.
Breitbart News previously reported on the significant hack:
“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” said Adam Hodge, spokesman for the White House National Security Council. He added, “We continue to hold the procurement providers of the U.S. government to a high security threshold.”
The full extent and severity of the incident, including the specific institutions and individuals affected, are not yet known. The incident has underscored the growing concerns among senior Western intelligence officials about the ability of Chinese hackers to orchestrate stealthy attacks that can evade detection for years.
China, however, has consistently denied hacking U.S. organizations and has accused the U.S. and its allies of targeting Chinese networks. The Chinese embassy in Washington did not respond to requests for comment on the incident.
The U.S. Cybersecurity and Infrastructure Security Agency and Microsoft had initially disclosed the breach in June. However, the exact mechanism by which the hackers were able to steal the key remained unclear until now. Microsoft stated in a blog post that the key was stored improperly in “crash dump” data after a computer or application unexpectedly crashed. This dump was then moved to Microsoft’s production environment where it could be accessed by a compromised account belonging to a Microsoft employee.
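The failure mode described above, as an added example that is not part of the article and not Microsoft's own tooling: a pre-export check that scans a crash dump for private-key material and refuses to release it, or redacts it, before the dump leaves the isolated environment. The dump bytes, the key formats looked for, and the function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Markers for the two most common on-disk/in-memory private key encodings.
PEM_PRIVATE_KEY = re.compile(
    rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----.*?-----END (?:RSA |EC )?PRIVATE KEY-----",
    re.DOTALL,
)
# A JWK is private when it carries the "d" parameter (RSA/EC private exponent).
JWK_PRIVATE_KEY = re.compile(
    rb'"kty"\s*:\s*"(?:RSA|EC)"[^}]*?"d"\s*:\s*"[A-Za-z0-9_-]{32,}"'
)
PATTERNS = (("pem-private-key", PEM_PRIVATE_KEY), ("jwk-private-key", JWK_PRIVATE_KEY))

@dataclass
class Finding:
    kind: str
    offset: int
    length: int

def scan_dump(dump: bytes) -> list[Finding]:
    """Return every private-key-shaped region found in the raw dump bytes."""
    found = [Finding(kind, m.start(), m.end() - m.start())
             for kind, pat in PATTERNS for m in pat.finditer(dump)]
    return sorted(found, key=lambda f: f.offset)

def redact(dump: bytes, findings: list[Finding]) -> bytes:
    """Overwrite each finding with zero bytes so the dump can still be debugged."""
    out = bytearray(dump)
    for f in findings:
        out[f.offset:f.offset + f.length] = b"\x00" * f.length
    return bytes(out)

def may_leave_isolated_env(dump: bytes) -> bool:
    """Release gate: a dump with any key material stays behind."""
    return not scan_dump(dump)

# Constructed sample: memory junk with a fake PEM key and a fake private JWK inside.
SAMPLE_DUMP = (
    b"\x00\x10stack frame\xff\xfe" * 4
    + b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAplaceholder\n-----END RSA PRIVATE KEY-----"
    + b"\x00heap\x7f" * 8
    + b'{"kty":"RSA","kid":"constructed","n":"AQAB","d":"' + b"a" * 40 + b'"}'
    + b"\x00trailer" * 3
)

if __name__ == "__main__":
    for f in scan_dump(SAMPLE_DUMP):
        print(f"{f.kind} at offset {f.offset} ({f.length} bytes)")
    print("may export:", may_leave_isolated_env(SAMPLE_DUMP))
```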
Adding to the complexity of the situation, Microsoft admitted that it did not have complete confidence in its assessment of how the key was stolen. “Due to log retention policies, we don’t have logs with specific evidence of this exfiltration by this actor, but this was the most probable mechanism by which the actor acquired the key,” the company said.
Read more at Bloomberg here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan