Federal Agency Identified Chinese Cyberattack Against Microsoft

organizations including government agencies and individual consumer accounts. The attack started May 15, and Microsoft was alerted to the activity June 16. The hackers gained access “by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key,” Microsoft said. Those tokens have since been blocked. CISA and the FBI issued a joint advisory on the attack Wednesday. The federal agency, which officials declined to identify, noticed unexpected activity on its Microsoft 365 network, a senior CISA official told reporters. The attackers accessed a “limited amount” of Microsoft Outlook data, the official said. The intrusion shouldn’t be compared to the SolarWinds supply chain attack, an FBI official said, calling it a much “narrower” attack. Officials declined to state an exact number of victims in the Microsoft attack. The Senate Intelligence Community is “closely monitoring” the breach, Chairman Mark Warner, D-Va., said Wednesday. “It’s clear [China] is steadily improving its cyber collection capabilities directed against the U.S. and our allies,” said Warner. “Close coordination between the U.S. government and the private sector will be critical to countering this threat.”