Microsoft Says Chinese Hackers Breached Executive Email Accounts in Sophisticated Attack

Microsoft has confirmed that a group of hackers based in China gained unauthorized access to the email accounts of several senior company executives, along with employees in departments handling cybersecurity and legal matters.

The breach, which Microsoft said was part of a highly targeted espionage campaign, began in mid-May and was detected several weeks later in June.

The attackers reportedly forged digital authentication tokens using a stolen Microsoft signing key, allowing them to gain access to enterprise email accounts hosted on the company’s cloud platform.

The hacking group, identified by Microsoft as Storm-0558, is believed to be affiliated with the Chinese government and has a known history of cyber-espionage activities. According to Microsoft, the hackers exploited a vulnerability in its cloud infrastructure to forge tokens that bypassed authentication safeguards.

These forged credentials allowed them to impersonate users and gain access to Outlook email accounts without triggering security alerts. Microsoft has since revoked the compromised key and implemented new protections to close the exploited loophole.

While the company did not disclose the exact number of accounts affected, it confirmed that the victims include individuals responsible for sensitive internal operations. U.S. government officials were notified of the breach, and federal cybersecurity authorities are now working with Microsoft to assess the extent of the intrusion and evaluate the impact on any government-related communications.

This breach comes amid growing global concerns about the security of cloud services and the increasing frequency of state-sponsored cyberattacks. Security researchers have criticized the apparent delay in detecting the breach and are calling for stronger safeguards in enterprise-level cloud systems.

Microsoft stated it is cooperating fully with government agencies and continuing its internal investigation. The company described the attack as limited in scope but acknowledged the sophistication and persistence of the threat actor involved.

Written By Ian Maleve