Microsoft says compromise of its engineer’s accounts caused by Chinese hackers

The recently disclosed Chinese hack of senior officials at
the U.S. State and Commerce departments stemmed from the
compromise of a Microsoft engineer’s corporate account,
Microsoft Corp said in a blog post on Wednesday.

Microsoft said the engineer’s account had been penetrated by
a hacking group it dubs Storm-0558, which is alleged to have
stolen hundreds of thousands of emails from top American
officials including Commerce Secretary Gina Raimondo, U.S.
Ambassador to China Nicholas Burns and Assistant Secretary of
State for East Asia Daniel Kritenbrink.

The blog post addressed some unanswered questions around the
incident, which drew fresh scrutiny to Microsoft’s security and
led to calls to investigate the company’s practices.

Notably, the post explained how hackers were able to extract
a cryptographic key from the engineer’s account and use it to
access email accounts that the key should not have given them
access to.

Microsoft said it had fixed the flaws that led to the key
being accessible from the unidentified engineer’s account, which
gave the hackers such wide latitude to steal emails. A Microsoft
representative said the engineer’s account had been hit using
“token-stealing malware” but did not provide further detail
about the incident or its timing.

The Chinese Embassy in Washington did not immediately return
an email. Beijing has previously described the allegation that
it stole emails from top U.S. officials as “groundless
narratives.”