Microsoft admits unauthorized access to Exchange Online, blames Chinese gang


US commerce secretary Gina Raimondo and other State and Commerce Department officials were reportedly among the victims of a China-based group’s attack on Microsoft’s hosted email services.

The widespread reports cite “unnamed officials” as their source and note that the US State Department denies that any classified systems were breached or any data was stolen.

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a joint advisory detailing how a Federal Civilian Executive Branch (FCEB) agency was tipped off when it observed MailItemsAccessed events with an unexpected ClientAppID and AppID in Microsoft 365 Audit Logs. The events stood out because that AppID did not normally access mailbox items in that manner.
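
The check the agency's observation implies, sketched as an added example (not code from the advisory or from Microsoft): build a baseline of which application IDs read mail before a cutoff date, then flag any that start doing so afterwards. The JSON key names, app IDs, mailboxes and dates below are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample export, one JSON record per line (not real audit data).
# Key names (Operation, AppId, ClientAppId, MailboxOwnerUPN, CreationTime) are
# assumed; the app IDs, mailboxes and dates are placeholders.
SAMPLE_LOG = """
{"CreationTime":"2023-05-02T08:14:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"a@example.gov","AppId":"app-outlook","ClientAppId":"app-outlook"}
{"CreationTime":"2023-05-03T09:30:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"b@example.gov","AppId":"app-outlook","ClientAppId":"app-outlook"}
{"CreationTime":"2023-05-04T02:00:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"a@example.gov","AppId":"app-backup","ClientAppId":"app-backup"}
{"CreationTime":"2023-05-20T11:00:00","Operation":"Send","MailboxOwnerUPN":"a@example.gov","AppId":"app-unknown","ClientAppId":"app-unknown"}
{"CreationTime":"2023-06-10T08:00:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"a@example.gov","AppId":"app-outlook","ClientAppId":"app-outlook"}
{"CreationTime":"2023-06-11T03:12:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"b@example.gov","AppId":"app-unknown","ClientAppId":"app-unknown"}
{"CreationTime":"2023-06-11T03:15:00","Operation":"MailItemsAccessed","MailboxOwnerUPN":"a@example.gov","AppId":"app-unknown","ClientAppId":"app-unknown"}
"""

def mail_reads(log_text):
    """Yield (timestamp, record) for MailItemsAccessed events only."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("Operation") == "MailItemsAccessed":
            yield datetime.fromisoformat(rec["CreationTime"]), rec

def unexpected_access(log_text, cutoff):
    """Map each (AppId, ClientAppId) pair that read mail on or after `cutoff`
    without ever doing so before it to the sorted mailboxes it touched."""
    cutoff = datetime.fromisoformat(cutoff)
    baseline, flagged = set(), defaultdict(set)
    for ts, rec in sorted(mail_reads(log_text), key=lambda e: e[0]):
        pair = (rec.get("AppId"), rec.get("ClientAppId"))
        if ts < cutoff:
            baseline.add(pair)  # this pair reading mail is normal for the tenant
        elif pair not in baseline:
            flagged[pair].add(rec.get("MailboxOwnerUPN", "unknown"))
    return {pair: sorted(boxes) for pair, boxes in flagged.items()}

if __name__ == "__main__":
    hits = unexpected_access(SAMPLE_LOG, "2023-06-01T00:00:00")
    for (app, client), boxes in hits.items():
        print(f"unexpected mail access: AppId={app} ClientAppId={client} mailboxes={boxes}")
```

The earlier `Send` record from the same app ID does not enter the baseline, so an application that is known to the tenant but has never read mailbox items is still flagged when it starts to.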

The FCEB agency reported the activity to Microsoft, which confirmed threat actors accessed and exfiltrated unclassified Exchange Online Outlook data. Microsoft said it was made aware of the hack on June 16, but had kept it under wraps while “working with the impacted customers and notifying them prior to going public with further details.”
