Trail of Errors Led to Chinese Hack of Microsoft Cloud Email



Crash Dump Snapshot Included Active Signing Key


Chinese hackers were able to access the email accounts of senior U.S. officials after Microsoft included an active digital signing key in a snapshot of data taken to analyze a crash of its consumer signing system in April 2021.


Inclusion of the key in the crash dump was just one of many mishaps that led to Storm-0558, the name Microsoft uses to track a China-based espionage hacking group, gaining access to email accounts tied to 25 different organizations, including the U.S. Departments of State and Commerce (see: Hackers Stole Signing Key, Hit US Government’s Microsoft 365).

Microsoft detailed the chain of events leading to the hack in a Wednesday blog post. The email hacks started May 15 and went undetected for a month, coinciding with a European Parliament meeting on China policy and U.S. diplomatic trips to China. Tensions between the U.S. and China are mounting amid concern over Chinese aggression in the South China Sea and American steps to restrict Beijing’s access to advanced technology (see: US Restricts Investment in Chinese AI, Other Technologies).

The computing giant has previously acknowledged that the Chinese hackers were able to create their own authentication tokens to access cloud-based Outlook email accounts using a digital key from Microsoft’s signing system.

The crash dump contained the…
