Microsoft has denied claims that the Chinese threat actors who recently broke into its systems could have cracked its cloud services as well. The company is standing by its previous assessment that it was only Exchange Online and Outlook.com that were compromised, and that it managed to fix the issue and expel the crooks.
In mid-July 2023, Microsoft announced that a threat actor known as Storm-0558, seemingly a Chinese state-sponsored group, managed to access Exchange Online and Azure Active Directory (AD) accounts in roughly two dozen instances affecting, among others, U.S. c. It was later discovered that the US State Department was one of those agencies, and that its cybersecurity experts were the one tipping Microsoft off about the hack in the first place.
