Microsoft announced Tuesday that they mitigated an attack by a China-based threat actor that targeted cloud-based customer emails in Microsoft 365 at about 25 organizations. They tied the attacks to a threat group Microsoft tracks as Storm-0558, a cyber-espionage group focused on collecting sensitive information by penetrating email systems using forged authentication tokens.
According to a Microsoft advisory, Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access, but mainstream news outlets reported late Wednesday that both the Commerce and State departments were hacked, including Commerce Secretary Gina Raimondo.