A China-based hacking group has breached email accounts linked to government agencies in Western Europe, Microsoft Corp. says.
In a blog post published Tuesday, Microsoft said the group, which it identified as Storm-0558, focuses on acts such as espionage and data theft.
The group gained access to email accounts affecting about 25 organizations including government agencies and to accounts of individuals linked to these organizations, and had gone undetected for about a month until customers complained to Microsoft about abnormal mail activity.
“We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Charlie Bell, Microsoft’s executive vice president of security, said in a separate Microsoft post.
The hackers carried out the breach by forging authentication tokens — a piece of information used to verify the identity of a user — required to access the email accounts. Microsoft has since dealt with the attack and informed affected customers.
Microsoft said it is working with the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency, among others, to guard against such attacks.
It also said it would continue to monitor Storm-0558’s activities.
The Storm-0558 attack is the latest security breach discovered to have been carried out by China-based hackers.
Last month, Google-owned cybersecurity firm Mandiant said suspected state-backed Chinese hackers broke into the networks of hundreds of public and private sector organizations globally by using a security hole in a popular email security tool.
Earlier this year, Microsoft said state-backed Chinese hackers have been targeting U.S. critical infrastructure and could be laying the technical groundwork for the potential disruption of critical communications between the U.S. and Asia during future crises.
China says the U.S. also engages in cyberespionage against it, hacking into computers of its universities and companies.