Cyber ​​attack on journalists: investigations into Microsoft hack underway!

Cyber ​​attack on journalists: investigations into Microsoft hack underway!

A targeted cyberattack on several journalists' email accounts has sparked concern and raises serious questions about the security of Microsoft services. According to a report by the Washington Post Affected reporters' Microsoft accounts were compromised, potentially allowing access to sensitive work emails in areas such as national security and economic policy, including reporting on China. The break-in was discovered on Thursday and editor-in-chief Matt Murray announced an internal investigation.

Insiders informed Reuters of the unauthorized access, and initial reporting of the incident dates from Wall Street Journal. A foreign government, possibly from China, is suspected to be involved in the attack.

Existing security vulnerabilities

A relevant incident in this context became known in July 2023, when hackers gained access to Outlook email accounts from 25 organizations. Microsoft revealed that these attackers, dubbed “Storm-0558,” had broad powers in the Microsoft cloud since 2021. This hacker group is said to have carried out a Chinese state espionage attack, and the attacks were carried out by using fake authentication tokens that allowed them to access the emails starting May 15, 2023, as the daily news reported.

An investigation found that a technical issue in Microsoft's consumer signature system in April 2021 led to the leakage of a signature key that the hackers obtained. This master key gave them broad access to many Microsoft cloud applications, including email (Exchange, Outlook), files (OneDrive, SharePoint), and collaborative platforms (Teams, Skype).

Reactions and consequences

The consequences of the attack are not yet fully foreseeable. A double-digit number of government-affiliated accounts were hacked, but it remains unclear whether the attackers may have gained additional secret access or set up backdoors. Microsoft has emphasized that there was no direct harm to normal users of the Microsoft cloud.

However, experts are calling for enhanced security measures, including true end-to-end encryption, to prevent future attacks. The incident also exposed security flaws in Microsoft's cloud architecture. Critics believe Microsoft is downplaying the extent of the event and are calling for more transparency.

The discussion about the security situation is also taken up by political institutions. The Federal Office for Information Security (BSI) is examining the possible effects of the attack on the federal administration's cloud projects. In addition, MEPs are calling for a review of the security situation in the European Parliament and independence from US companies in order to ensure data security in the European Union.