A spying campaign by Chinese hackers against European and US government services has been uncovered. The hackers found a hole in Microsoft’s mail servers.
Microsoft will also publish further information itself. In a pair of blog posts, the company writes that 25 organizations in Western Europe and the USA, including government cabinets, have been monitored over the past month. The Chinese hacker collective Storm-0558 is behind the attack.
It is currently unknown who the European victims could be. The Washington Post assumes that, on the American side, the hackers had access to the e-mail traffic of Secretary of Commerce Gina Raimondo. This supports the hypothesis that the hackers operated out of political motives, since Raimondo and her cabinet are partly responsible for the trade restrictions that the US is enforcing against China. Beijing will, of course, deny any involvement.
Loophole
According to the same newspaper, it was also the US government that reported to Microsoft in mid-June that something was wrong with the internal network. Microsoft launched an investigation and found that the intruders had been snooping around for at least a month. The software giant also had to issue a small mea culpa, as a vulnerability in its online mail servers had opened the door.
The attackers managed to forge authentication tokens to access victims’ email accounts via Outlook on the web. If they had the right key, they could pose as the account owner and keep an eye on email traffic. Microsoft confirms that the vulnerability has been fixed.
All in all, Microsoft was quick to drive out the attackers. Hackers often manage to remain undetected for months before striking. This is particularly the case with “espionage,” where the attackers’ goal is precisely to stay under the radar.