Talk can be bravado and can be cheap. President Biden’s administration vowed consequences for those responsible for hacking a Microsoft cloud system that granted access to government emails on Sunday.
White House national security adviser Jake Sullivan made the statement during an appearance on ABC’s “This Week,” saying investigators are still working to pin down the source of the hack. Preliminary investigations suggest the hack came from a China-based group. “This was actually an intrusion into a Microsoft cloud system, and through that cloud system they got into unclassified U.S. government emails. It was the U.S. government who discovered the intrusion, alerted Microsoft, got it shut down. And now we’re taking steps to ensure that’s not an ongoing vulnerability,” Sullivan said.
“Secondly, this is the type of activity and behavior that we have seen from multiple foreign adversaries over multiple administrations. And in every case, we take the necessary time and rigor to be able to fully investigate what happened, who did it, and what the best response is. We’re still in the middle of that. So I’m going to leave it to our continued working through of this challenge. But as we have in the past, we will take steps to hold those who perform this responsible,” he added.
Microsoft stated last week that a China-based hacking group it identified as Storm-0558 breached email accounts from approximately 25 organizations, including U.S. government agencies. The threat actor, the tech giant noted, primarily targets government agencies in Western Europe and focuses on espionage, data theft and credential access.
“We have been working with the impacted customers and notifying them prior to going public with further details. At this stage – and in coordination with customers – we are sharing the details of the incident and threat actor to benefit the industry,” Microsoft said in a blog post. Microsoft began an investigation into anomalous mail activity based on customer-reported information on June 16, with the inquiry revealing that Storm-0558 gained access to organization and consumer email accounts using Outlook Web Access Exchange Online and Outlook.com starting on May 15.