Microsoft Mitigates Hacker Access To Government Email Accounts

Microsoft announced that it recently blocked a group of hackers, which it labeled Storm-0558, that accessed email accounts belonging to around 25 organizations, including government agencies. How Hackers Gained Access To Email AccountsIn a blog post, Microsoft said it began investigating abnormal activity in some email accounts on June 16 after being notified by customers. Its investigation revealed that beginning May 15, the hacking group exploited a vulnerability to forge authentication tokens and gain entry into organizations’ Microsoft 365 accounts. Using a compromised Microsoft consumer account signing key, the hackers could impersonate users and access email accounts through services like Outlook Web Access and Outlook.com. Microsoft claims it has fully resolved the issue and blocked the hackers’ access.