China has called a Microsoft report that a China-based hacking group breached government-linked email accounts “disinformation”, saying on Wednesday that the accusation is aimed at diverting attention from US cyber activities.
In a blog post published on Tuesday, Microsoft said the group, which it identified as Storm-0558, gained access to email accounts linked to 25 organisations, including Western European government agencies.
The breach was detected weeks later when customers complained to Microsoft about abnormal email activity.
“We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Microsoft’s executive vice president of security, Charlie Bell, said in a separate Microsoft post.
A Washington Post report cited a statement from US officials claiming that Storm-0558 also breached unclassified email accounts linked to the US government.
Chinese foreign ministry spokesman Wang Wenbin said the accusation is “disinformation” aimed at diverting attention from US cyberattacks on China.
“No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft,” he said in a routine briefing.
“Since last year, the cybersecurity organisations of China and other countries have issued many reports exposing the cyber attacks on China by the US government over a long period of time, but the US has not made a response so far,” he added.
US National Security Adviser Jake Sullivan, who is at the Nato summit in Vilnius, Lithuania, with US President Joe Biden, told ABC’s Good Morning America programme that the investigation is continuing.
“We detected it fairly rapidly and we were able to prevent further breaches,” he said.
“The matter is still being investigated, so I have to leave it there because we’re gathering further information in consultation with Microsoft and we will continue to appraise the public as we learn more.”
The Storm-0558 hackers used forged authentication tokens – pieces of information used to verify the identity of a user – required to access the email accounts, Microsoft said, adding that it has dealt with the attack and informed affected customers.
Microsoft said it is working with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency, among others, to guard against such attacks. It also said it will continue to monitor Storm-0558’s activities.
Last month, Google-owned cybersecurity firm Mandiant said suspected state-backed Chinese hackers broke into the networks of hundreds of public and private sector organisations globally by using a security hole in a popular email security tool.
Earlier this year, Microsoft said state-backed Chinese hackers were targeting US critical infrastructure and could be laying the technical groundwork to disrupt critical communications between the US and Asia during future crises.
