The recent Chinese hack targeting senior officials at the U.S. State and Commerce departments originated from the compromise of a Microsoft engineer’s corporate account, Microsoft Corp revealed in a blog post on Wednesday.
According to Microsoft, the engineer’s account was breached by a hacking group it refers to as Storm-0558, which is accused of stealing hundreds of thousands of emails from high-ranking U.S. officials, including Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink.
The blog post addressed lingering questions about the incident, which has intensified scrutiny of Microsoft’s security measures and prompted calls for an investigation into the company’s practices.
Importantly, the post clarified how the hackers managed to extract a cryptographic key from the engineer’s account and use it to access email accounts that should have been beyond their reach.
Microsoft stated that it has since corrected the vulnerabilities that made the key accessible from the engineer’s account and enabled the hackers to steal such a large volume of emails.
A Microsoft representative explained that the engineer’s account had been compromised using “token-stealing malware” but did not provide additional details regarding the incident or its timing.
The Chinese Embassy in Washington did not immediately respond to an email inquiry. Beijing has previously dismissed the allegations of email theft from top U.S. officials as “groundless narratives.”