Chinese Hacking Operation Targets US Ambassador to China Nicholas Burns and State Department

2023-07-21 14:48:36
US Ambassador to China Nicholas Burns. PEDRO PARDO / AP

A mailbox belonging to the American ambassador to China, Nicholas Burns, was hacked as part of a spy operation attributed to a Chinese group, the Wall Street Journal revealed on Thursday, July 20. The American daily adds that a member of the State Department was also affected by this espionage campaign. To these names can be added that of Gina Raimondo, Secretary of Commerce, whose emails were also hacked by the same Chinese actor.

The real extent of the campaign, revealed on July 11 by Microsoft, remains unclear. In a first press release, the American company announced that it had discovered attacks carried out by an unidentified Chinese group, called Storm-0558. According to Microsoft, the group had managed since May 15 to hack an undisclosed number of mailboxes, mainly targeting government agencies, particularly in Europe.

Sophisticated techniques

The intrusion method is sophisticated. The hackers did not steal passwords, but used “authentication tokens”, i.e. passes that certify to a server that a user, as the owner of a mailbox, is entitled to access it. According to the company’s latest report, the hackers managed to get their hands on a Microsoft key and use it to generate these passes, thus fraudulently accessing several mailboxes. However, it is not yet known how Storm-0558 managed to steal this key.

Little is known about the group itself to date. While the name “Storm” is given by Microsoft to actors whose analysis and classification are still in progress (Chinese state groups are named “Typhoon”), the company specified from the start that the group in question acted from China and mainly orchestrated espionage campaigns. One of the elements used by the company to establish the hackers’ location is a classic one: the group’s activity is concentrated on Monday to Friday, in time slots that coincide with the working week in China.

Microsoft also specifies that the same actor has been identified behind previous spy campaigns, some of which, since at least August 2021, targeted people connected with the issues of Taiwan and the Uighurs. The company’s experts have also found very limited similarities between the group’s methods and those of APT 31, another actor located in China.
