Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Tracking & Law Enforcement

MitM Attack Targets Outlook Users in China

Chinese authorities are accused of launching a man-in-the-middle (MitM) attack against customers of Microsoft’s email service Outlook.

Chinese authorities are accused of launching a man-in-the-middle (MitM) attack against customers of Microsoft’s email service Outlook.

GreatFire, a non-profit organization that monitors online censorship in China, reported that the attack, which started on January 17, lasted for roughly a day. The attack targeted the Internet Message Access Protocol (IMAP) and the Simple Mail Transfer Protocol (SMTP) for Outlook, but and were not affected.

During the MitM attack, Chinese users trying to access Outlook via an email client were presented with a security alert. However, as GreatFire points out, it’s easier for users to ignore email client warnings than ones displayed in Web browsers. They simply have to click the “Continue” button and the warning disappears. Considering that email clients usually run in the background, it’s not difficult to imagine that many users clicked “Continue” without giving it too much thought.

Those who clicked the “Continue” button allowed the attackers to intercept their passwords, contacts and emails.

This isn’t the first MitM attack allegedly launched by the Chinese government against the country’s Internet users. In the past, Google, Yahoo and even GitHub users were targeted in similar attacks. In October, Chinese authorities were accused of launching attacks against iCloud users. Outlook was also attacked briefly during the iCloud incident.

Officials denied the accusations brought against the government in October and, as always, highlighted that China opposes all forms of hacking.

GreatFire believes that, just like the previous attacks, the operation targeting Outlook was orchestrated or at least approved by Lu Wei, China’s minister of the Cyberspace Administration.

Advertisement. Scroll to continue reading.

“If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor,” GreatFire said in a blog post.

The organization says it hasn’t seen the country’s massive censorship and surveillance system, known as the Great Firewall of China, being used in large scale operations following the iCloud attack, until now at least.

“The authorities are most likely continuing to test their MITM technology. The authorities may also be gauging user response. By keeping track of how many users ignore the certificate warnings, the authorities will be able to determine the effectiveness of this type of attack,” GreatFire noted.

GreatFire has warned major software vendors not to trust certificates issued by the China Internet Network Information Center (CNNIC) because the certificate authority is governed by the Cyberspace Administration.

YouTube, Twitter, Facebook, Google, and many other popular Internet services and websites are currently blocked in China.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


Spanish Court agreed to extradite Joseph James O’Connor to he U.S., who allegedly took part in the July 2020 hacking of Twitter accounts of...


US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...


A hacker who reportedly posed as the CEO of a financial institution claims to have obtained access to the more than 80,000-member database of...

Application Security

Virtualization technology giant Citrix on Tuesday scrambled out an emergency patch to cover a zero-day flaw in its networking product line and warned that...