Our investigation of the security incident disclosed by Microsoft and CISA and attributed to Chinese threat actor Storm-0558, found that this incident seems to have a broader scope than originally assumed. Organizations using Microsoft and Azure services should take steps to assess potential impact.
Results of Major Technical Investigations for Storm-0558 Key Acquisition
A Chinese hacking group exploited a bug in Microsoft’s cloud email service to spy on two-dozen organizations, including some government agencies, the tech giant said late Tuesday.
