Microsoft Outlook was subjected to a man-in-the-middle attack in China last week, according to a report by online censorship watchdog GreatFire on Monday.
GreatFire.org was notified of the attack on Saturday, and was able to verify that it affected Outlook's IMAP and SMTP services. Outlook’s web interfaces, outlook.com and login.live.com, were not impacted by the attack.
The man-in-the-middle attack lasted for about a day, according to the report, and it is suspected that “Lu Wei and the Cyberspace Administration of China have orchestrated this attack or have willingly allowed the attack to happen.” The administration is responsible for censorship and the Great Firewall.
“If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor,” GreatFire said in a post.
Since email clients typically run in the background, users will “only see an abrupt pop-up warning when the client tries to automatically retrieve messages.” Because of this, GreatFire suspects that most users would hit the “continue” button and ignore the warning, in which the email client says it cannot verify the server's identity, a sign that something is wrong with the connection.
The man-in-the-middle attack comes a month after the Chinese government blocked access to Gmail from third-party applications, which users had relied on to check their Gmail because access to Gmail has been blocked in China for six months. Access was restored within a few days and the Chinese government maintained that it wasn’t behind the outage.
China is the top source of attack traffic, according to a recent report by Akamai, and in October, the Chinese government launched a man-in-the-middle attack against iCloud to align with the launch of the new iPhone.
GreatFire has urged organizations including Microsoft and Apple to “immediately revoke trust for the CNNIC certificate authority” which is governed by the Cyberspace Administration of China.