Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

MitM Attack Targets Outlook Users in China

Chinese authorities are accused of launching a man-in-the-middle (MitM) attack against customers of Microsoft’s email service Outlook.

Chinese authorities are accused of launching a man-in-the-middle (MitM) attack against customers of Microsoft’s email service Outlook.

GreatFire, a non-profit organization that monitors online censorship in China, reported that the attack, which started on January 17, lasted for roughly a day. The attack targeted the Internet Message Access Protocol (IMAP) and the Simple Mail Transfer Protocol (SMTP) for Outlook, but outlook.com and login.live.com were not affected.

During the MitM attack, Chinese users trying to access Outlook via an email client were presented with a security alert. However, as GreatFire points out, it’s easier for users to ignore email client warnings than ones displayed in Web browsers. They simply have to click the “Continue” button and the warning disappears. Considering that email clients usually run in the background, it’s not difficult to imagine that many users clicked “Continue” without giving it too much thought.

Those who clicked the “Continue” button allowed the attackers to intercept their passwords, contacts and emails.

This isn’t the first MitM attack allegedly launched by the Chinese government against the country’s Internet users. In the past, Google, Yahoo and even GitHub users were targeted in similar attacks. In October, Chinese authorities were accused of launching attacks against iCloud users. Outlook was also attacked briefly during the iCloud incident.

Officials denied the accusations brought against the government in October and, as always, highlighted that China opposes all forms of hacking.

GreatFire believes that, just like the previous attacks, the operation targeting Outlook was orchestrated or at least approved by Lu Wei, China’s minister of the Cyberspace Administration.

“If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor,” GreatFire said in a blog post.

Advertisement. Scroll to continue reading.

The organization says it hasn’t seen the country’s massive censorship and surveillance system, known as the Great Firewall of China, being used in large scale operations following the iCloud attack, until now at least.

“The authorities are most likely continuing to test their MITM technology. The authorities may also be gauging user response. By keeping track of how many users ignore the certificate warnings, the authorities will be able to determine the effectiveness of this type of attack,” GreatFire noted.

GreatFire has warned major software vendors not to trust certificates issued by the China Internet Network Information Center (CNNIC) because the certificate authority is governed by the Cyberspace Administration.

YouTube, Twitter, Facebook, Google, and many other popular Internet services and websites are currently blocked in China.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.