MitM Attack Targets Outlook Users in China

Chinese authorities are accused of launching a man-in-the-middle (MitM) attack against customers of Microsoft’s email service Outlook.

GreatFire, a non-profit organization that monitors online censorship in China, reported that the attack, which started on January 17, lasted for roughly a day. The attack targeted the Internet Message Access Protocol (IMAP) and the Simple Mail Transfer Protocol (SMTP) for Outlook, but outlook.com and login.live.com were not affected.

During the MitM attack, Chinese users trying to access Outlook via an email client were presented with a security alert. However, as GreatFire points out, it’s easier for users to ignore email client warnings than ones displayed in Web browsers. They simply have to click the “Continue” button and the warning disappears. Considering that email clients usually run in the background, it’s not difficult to imagine that many users clicked “Continue” without giving it too much thought.

Those who clicked the “Continue” button allowed the attackers to intercept their passwords, contacts and emails.

This isn’t the first MitM attack allegedly launched by the Chinese government against the country’s Internet users. In the past, Google, Yahoo and even GitHub users were targeted in similar attacks. In October, Chinese authorities were accused of launching attacks against iCloud users. Outlook was also attacked briefly during the iCloud incident.

Officials denied the accusations brought against the government in October and, as always, highlighted that China opposes all forms of hacking.

GreatFire believes that, just like the previous attacks, the operation targeting Outlook was orchestrated or at least approved by Lu Wei, China’s minister of the Cyberspace Administration.

“If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor,” GreatFire said in a blog post.

The organization says that, until now, it had not seen the country’s massive censorship and surveillance system, known as the Great Firewall of China, used in large-scale operations since the iCloud attack.

“The authorities are most likely continuing to test their MITM technology. The authorities may also be gauging user response. By keeping track of how many users ignore the certificate warnings, the authorities will be able to determine the effectiveness of this type of attack,” GreatFire noted.

GreatFire has warned major software vendors not to trust certificates issued by the China Internet Network Information Center (CNNIC) because the certificate authority is governed by the Cyberspace Administration.
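The two defensive points the article makes, that a mail client should not offer a “Continue” button past a certificate warning, and that certificates from a distrusted authority such as CNNIC should be rejected outright, can both be enforced in the client. The following is an added example (not code from the article, GreatFire or Microsoft) of a fail-closed IMAPS connection in Python; the distrusted issuer string, hostnames and sample certificate are constructed placeholders, not values from the article.

```python
import socket
import ssl

# Operator policy: issuer organisations rejected even when the OS trust store
# would accept them. The string below is a constructed placeholder.
DISTRUSTED_ISSUER_ORGS = {"Example Distrusted CA Org"}

# Constructed getpeercert()-style certificate used for offline testing.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.mail.example.com"),),),
    "issuer": ((("organizationName", "Trusted Example CA"),),),
    "subjectAltName": (("DNS", "*.mail.example.com"), ("DNS", "mail.example.com")),
}


def _rdn_value(name, key):
    """Pull one attribute out of a getpeercert()-style name tuple."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def _host_matches(pattern, host):
    """DNS SAN match; a wildcard covers exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def check_peer_cert(cert, host, distrusted=DISTRUSTED_ISSUER_ORGS):
    """Return the reasons to refuse the session; an empty list means proceed."""
    reasons = []
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not any(_host_matches(p, host) for p in sans):
        reasons.append(f"no subjectAltName matches {host}")
    issuer_org = _rdn_value(cert.get("issuer", ()), "organizationName")
    if issuer_org in distrusted:
        reasons.append(f"issuer {issuer_org!r} is on the distrust list")
    return reasons


def connect_imaps_strict(host, port=993, timeout=10):
    """Open IMAPS with chain and hostname verification and no fallback path."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    sock = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(sock, server_hostname=host)  # raises on a forged chain
    reasons = check_peer_cert(tls.getpeercert(), host)
    if reasons:  # no "Continue" button: close the socket and surface the failure
        tls.close()
        raise ssl.SSLCertVerificationError("; ".join(reasons))
    return tls
```

The handshake itself already rejects a certificate that does not chain to a trusted root or match the hostname; `check_peer_cert` adds the operator's own distrust list on top, so a chain the OS store happens to accept can still be refused.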

YouTube, Twitter, Facebook, Google, and many other popular Internet services and websites are currently blocked in China.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
