Microsoft

A vulnerability in Microsoft's Exchange email system allowed threat actors with ties to China to steal about 60,000 emails from the US State Department.

The accounts of State Department personnel that were compromised were mostly used for diplomatic operations in the Indo-Pacific, and the hackers also obtained a list of all the department's correspondence.

Approximately 60,000 unclassified emails were exfiltrated as a result of that breach. No confidential systems were breached; only the unclassified system was affected.

The threat actors used forged authentication credentials to access user email accounts via Outlook Web Access (OWA) in Exchange Online and Outlook.com, according to Microsoft researchers.

Source: https://securityaffairs.com/151685/hacking/u-s-state-department-stolen-emails.html

TPRM report: https://scoringcyber.rankiteo.com/company/microsoft

{
"id": "mic01021023",
"linkid": "microsoft",
"type": "Breach",
"date": "09/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Public Sector',
                        'location': 'United States',
                        'name': 'US State Department',
                        'type': 'Government'}],
 'attack_vector': 'Forged Authentication Credentials',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '60,000',
                 'sensitivity_of_data': 'Unclassified',
                 'type_of_data_compromised': 'Emails'},
 'description': "A vulnerability in Microsoft's Exchange email system allowed "
                'threat actors with ties to China to steal about 60,000 emails '
                'from the US State Department. The compromised accounts were '
                'mostly used for diplomatic operations in the Indo-Pacific, '
                "and the hackers also obtained a list of all the department's "
                'correspondence. Approximately 60,000 unclassified emails were '
                'exfiltrated. No confidential systems were violated. The '
                'threat actors employed forged authentication credentials to '
                'access user email accounts via Outlook Web Access in Exchange '
                'Online (OWA) and Outlook.com.',
 'impact': {'data_compromised': ['60,000 unclassified emails'],
            'systems_affected': ['Exchange Online (OWA)', 'Outlook.com']},
 'initial_access_broker': {'entry_point': 'Outlook Web Access in Exchange '
                                          'Online (OWA) and Outlook.com'},
 'motivation': 'Data Exfiltration',
 'threat_actor': 'Threat actors with ties to China',
 'title': 'Microsoft Exchange Email System Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Microsoft Exchange Email System'}