On July 11, 2023, Microsoft revealed that a Chinese cybercriminal group, Storm-0558, had access to the Outlook accounts and emails of 25 international bodies for a month. While Microsoft does not name names, government agencies, particularly in Western Europe, were some of the victims.
The US tech giant began investigating on June 16, 2023, after customers reported abnormal activity on their messaging services. “Over the following weeks, our investigation revealed that, starting from May 15, 2023, Storm-0558 accessed the messaging accounts of around 25 organizations, including government agencies, as well as personal accounts linked to these organizations,” explained Microsoft.
The Redmond company also stated it quickly managed to limit the scope of the attack, and “block Storm-0558’s access to compromised email addresses.” Microsoft, which is working with CISA on the case, is continuing its investigation into the cybercriminal group. Its blog post explains that Storm-0558 is “a State-sponsored group based in China. It focuses on espionage, data theft, and access to login details.”