The recently disclosed Chinese hack of senior officials at the U.S. State and Commerce Departments stemmed from the compromise of a Microsoft MSFT-Q engineer’s corporate account, Microsoft Corp said in a blog post on Wednesday.
Microsoft said the engineer’s account had been penetrated by a hacking group it dubs Storm-0558, which is alleged to have stolen hundreds of thousands of emails from top American officials including Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.
The blog post issued on Wednesday addressed some of the unanswered questions around the incident, which drew fresh scrutiny to Microsoft’s security and led to calls to investigate the company’s practices.
Notably, the post explained how hackers were able to extract a cryptographic key from the engineer’s account and use it to access e-mail accounts that the key should not have given them access to.
Microsoft said it had fixed the flaws that led to the key being accessible from the unidentified engineer’s account which gave the hackers such wide latitude to steal emails. A Microsoft representative said the engineer’s account had been hit using “token-stealing malware” but did not provide further detail about the incident or its timing.
Microsoft did not immediately respond to a request for further information about the incident. The Chinese Embassy in Washington did not immediately return an e-mail. Beijing has previously described the allegation that it stole emails from top U.S. officials as “groundless narratives.”