Microsoft uncovers Chinese cyber espionage in Western Europe

A China-based hacking group breached a series of email accounts linked to government agencies in Western Europe, Microsoft Corp has disclosed.

The group, which Microsoft tracks as Storm-0558, infiltrated email systems of about 25 organizations in May and managed to evade detection for a whole month, the technology giant said in a blog post.

The breach came to light during a mid-June investigation triggered by customer reports of unusual email activities, Microsoft said.

The company did not name the government agencies or the specific countries that they are based in.

Microsoft’s executive vice president, Charlie Bell, said: “Our assessment points towards espionage as the primary motive, with the hackers aiming to gain access to email systems for intelligence gathering.”

Storm-0558

Storm-0558 pulled off the cyberattack by counterfeiting authentication tokens necessary to access users’ email accounts. Microsoft has taken the necessary mitigation steps and informed the affected customers, the firm said.

Microsoft said in the blog post that it is collaborating with the Department of Homeland Security’s cyber defense division while also continuing to monitor the China-based group. The company said it has ramped up its security measures by incorporating “substantial automated detections” to spot system compromise indicators.

The latest incident marks yet another episode of China-based hacking groups launching attacks aimed at siphoning off sensitive information. This May, Microsoft disclosed that Volt Typhoon, a hacking group presumably backed by the Chinese state, had breached infrastructure organizations in Guam and other parts of the US.