According to recent reports issued by Microsoft and U.S. government agencies, hackers recently exploited a gap in Microsoft’s cloud environment, enabling the malicious actors to access the email accounts of employees at the United States Commerce and State Departments. Including the U.S. government, around 10 organizations were victimized in the U.S. and about 25 were victimized worldwide. Notably, though Microsoft disclosed that the attack was at the hands of a “China-based threat actor,” the government has not yet attributed the attack to any country or group.

The vulnerability was discovered by the State Department on June 16, 2023, and the hackers reportedly had access to the government employee email accounts beginning on May 15, 2023. According to the State Department, while the incident has been mitigated, including the compromise of the email account of Commerce Secretary Gina Raimondo, the FBI investigation into the incident is ongoing. According to Microsoft, the hackers were well-resourced, underscoring the ongoing challenges of securing systems against sophisticated malicious actors.

Microsoft’s blog post provided information on the attack, including that the hackers used forged authentication tokens to access the email accounts and were searching for information that may be useful to the Chinese government. According to the National Security Council and the FBI, no classified information was accessed.

This incident occurred as the administration pushes for stricter cybersecurity guidelines for cloud and software providers. As we noted in our March 2023 advisory on the administration’s National Cybersecurity Strategy, the government has asserted a strong interest in regulating the cloud computing industry and cloud-based services to ensure security and resilience in critical technologies.

[View source.]