On Friday, Microsoft attempted to explain the cause of a breach that gave hackers working for the Chinese government access to the email accounts of 25 of its customers—reportedly including the US Departments of State and Commerce and other sensitive organizations.
In a post on Friday, the company indicated that the compromise resulted from three exploited vulnerabilities in either its Exchange Online email service or Azure Active Directory, an identity service that manages single sign-on and multifactor authentication for large organizations. Microsoft’s Threat Intelligence team said that Storm-0558, a China-based hacking outfit that conducts espionage on behalf of that country’s government, exploited them starting on May 15. Microsoft drove out the attackers on June 16 after a customer tipped off company researchers of the intrusion.
Above all else: Avoid the Z-word
In standard parlance among security professionals, this means that Storm-0558 exploited zero-days in the Microsoft cloud services. A “zero-day” is a vulnerability that is known to or exploited by outsiders before the vendor has a patch for it. “Exploit” means using code or other means to trigger a vulnerability in a way that causes harm to the vendor or others.