- Chinese cyber-espionage campaign breached Microsoft Outlook accounts, accessing tens of thousands of US government emails.

- Storm-0558 group stole 60,000 emails from 10 State Department accounts, including those of individuals working on East Asia and Pacific diplomacy.

- Hackers also obtained a list of all State Department email accounts.

- Concerns raised about the federal government's reliance on a single vendor for cybersecurity.

- Microsoft previously revealed the campaign's compromise of at least 25 organizations, including the US government.

- Threat actors gained access to customer email accounts via Outlook Web Access in Exchange Online and Outlook.com.

- Chinese hackers exploited a zero-day validation issue to forge signed access tokens and impersonate accounts within the State Department and other organizations.

#cybersecurity #hacking #espionage #Microsoft #USgovernment #Storm0558

https://www.infosecurity-magazine.com/news/microsoft-breach-60000-state/