Newsletter
A few months ago, Microsoft suffered a major breach that gave Chinese hackers access to certain unclassified data. This includes the emails of certain individuals affiliated with the US government. Initially, the breach was said to affect over 25 accounts, but that number was far from the actual figure the hackers were able to access.
New information now clarifies that the hackers were able to steal over 60,000 US government employee emails. That number is outrageous, and it further highlights the need for tighter security measures within the government. Even though the security flaw came from Microsoft’s part, it was able to expose a ton of emails to bad actors.
The emails stolen belong to US staff working in East Asia, the Pacific, and Europe. With these emails, the hackers can move on to perform phishing attacks on unsuspecting individuals. Here is all you need to know about this security breach and how the government is working to avoid such from repeating itself in the future.
Over 60,000 US government emails in the possession of Chinese hackers highlight the need for better information security
The Storm-0558 Chinese hackers are said to be responsible for the Microsoft breach. From this breach, they were able to get access to tons of US government emails. Over 60,000 emails of various US government staff in various locations are in the possession of these hackers.
All emails in the possession of these hackers are unclassified, meaning that they don’t hold any confidential information. However, these hackers can still put them to use while trying to carry out phishing attacks. The attack that gave away these emails took place in July 2023 and went unnoticed for a while.
However, the US government was able to tip Microsoft to the attack, hence prompting an urgent response. It took Microsoft some time to understand how these hackers were able to get access to their system. After some research, it became clear that the Chinese hackers were able to get access to a consumer key for this attack.
With the key, they were not only able to get access to Microsoft’s system but also to steal users’ emails. In a recent briefing, Senator Eric Schmitt threw light on the need for the US government to harden their defenses “against these types of cyberattacks and intrusions in the future.” Certainly, this won’t be the last cyberattack that the US government will have come its way.
With adequate protective and preventive measures, the US government will be able to defend against such attacks. This will not only protect the government and its employees but also the citizens at large. Large data companies also need to ensure they build resilient security systems that can withstand such attacks, hence protecting user information.