In response to recent claims, Microsoft has denied that the Chinese threat actors who gained unauthorized access to its systems could also have compromised its cloud services. The tech giant stands by its initial assessment that only Exchange Online and Outlook.com were affected by the breach, and asserts that the issue has been resolved and the cybercriminals successfully expelled.
In mid-July 2023, Microsoft disclosed that a group known as Storm-0558, likely linked to Chinese state sponsorship, infiltrated Exchange Online and Azure Active Directory (AD) accounts, impacting several U.S. government agencies. The U.S. State Department was among the targeted agencies, and its cybersecurity experts alerted Microsoft to the breach.
The attackers exploited a zero-day vulnerability in the GetAccessTokenForResourceAPI, enabling them to create signed access tokens and impersonate accounts. Microsoft promptly addressed the zero-day vulnerability.