Key Pointers:
- Unnamed U.S. Federal Civilian Executive Branch agency detects suspicious email activity, leading to the discovery of a China-linked cyber espionage campaign targeting around two dozen organizations.
- Affected entities include the U.S. State Department, Commerce Department, a congressional staffer’s email account, a U.S. human rights advocate, and U.S. think tanks.
- Microsoft attributes the attack to a China-based threat actor known as Storm-0558, employing forged authentication tokens and custom malware tools.
News:
In a recent joint advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) disclosed a China-backed cyber espionage campaign that compromised the emails of multiple U.S. government agencies. The campaign was unveiled after an unidentified Federal Civilian Executive Branch agency detected suspicious email activity in mid-June 2023.
Among the impacted organizations were the U.S. State Department, Commerce Department, a congressional staffer’s email account, a U.S. human rights advocate, and several U.S. think tanks. The precise number of affected entities remains undisclosed, but it is estimated to be in the single digits.
Microsoft, in their investigation, attributed the campaign to a threat actor named Storm-0558, based in China. Storm-0558 predominantly targets government agencies in Western Europe and specializes in espionage and data theft. The attack exploited forged authentication tokens and employed custom malware tools called Bling and Cigril.
China has vehemently denied involvement in the hacking incident, countering the accusations by labeling the U.S. as the “world’s biggest hacking empire.” This exchange highlights the escalating tensions surrounding cyber warfare and the need for international cooperation to address such threats effectively.
In response to the breach, CISA and the FBI have advised organizations to enhance logging capabilities, enable Microsoft Purview Audit, and ensure searchable logs for detecting abnormal activities. Vigilance and understanding baseline patterns are crucial for organizations to identify potential cyber threats.
This attack serves as a reminder for governments and organizations worldwide to bolster their cybersecurity measures, share threat intelligence, and foster collaboration to mitigate the risks posed by sophisticated cyber campaigns.