Cyber Incident Victim: Microsoft
Date: Jan 2015
Location: China
Summary
Microsoft Outlook's IMAP and SMTP services were subjected to a man-in-the-middle attack in China: email clients displayed a certificate warning, and users who clicked through it risked exposing their emails, contacts, and passwords to the attacker. The incident lasted approximately one day, followed similar attacks against other foreign email providers, and coincided with increased censorship efforts pushing users toward government-monitored local services; cybersecurity watchdog Greatfire attributed the attack to Chinese authorities, alleging their involvement or complicity. Microsoft acknowledged limited customer impact and advised users encountering certificate warnings to contact their internet providers, while critics urged distrust of China-linked certificate authorities.
Description
On January 19, 2015, online censorship watchdog Greatfire reported that Microsoft Outlook services in China were subjected to a man-in-the-middle (MITM) attack targeting IMAP and SMTP protocols over the weekend. The attack involved malicious routing to a server impersonating Outlook.com, which triggered pop-up certificate warnings within email clients. Unlike browser warnings, these client-based alerts were deemed "especially devious" as users were more likely to dismiss them as network errors and click "continue" without scrutiny. Clicking the warning potentially exposed emails, contacts, and passwords to attackers. The web interfaces of Outlook remained unaffected. Greatfire confirmed the attack lasted approximately one day before ceasing, though it noted the possibility of recurrence. Microsoft acknowledged a "small number of customers" were impacted and advised affected users to contact their internet service providers if they encountered certificate warnings.
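The defensive lesson of the incident is that an email client should never let a certificate warning be dismissed with "continue" before credentials are sent. The following Python example, added here and not part of the original report or any Microsoft or Greatfire code, shows what that looks like in a scripted IMAP client: the standard library's default TLS context refuses connections whose certificate chain or hostname fails verification, and an explicit policy check on the peer certificate additionally rejects issuers the operator has chosen to distrust (the kind of revocation of trust Greatfire called for). The host name `imap.example.net`, the issuer names and both certificate dictionaries are constructed for the example; `DISTRUSTED_ISSUERS` is a placeholder an operator would fill from local policy.

```python
import imaplib
import ssl

# Constructed: the peer certificate as returned by SSLSocket.getpeercert(),
# abbreviated to the fields this check uses. Values are invented for the example.
GENUINE_CERT = {
    "subject": ((("commonName", "example.net"),),),
    "issuer": ((("organizationName", "Example Trusted CA"),),),
    "subjectAltName": (("DNS", "example.net"), ("DNS", "*.example.net")),
}

# Constructed: a certificate an impersonating server might present. Its name
# matches the host, but it was issued by a CA that local policy distrusts.
IMPOSTOR_CERT = {
    "subject": ((("commonName", "imap.example.net"),),),
    "issuer": ((("organizationName", "Distrusted Example CA"),),),
    "subjectAltName": (("DNS", "imap.example.net"),),
}

# Placeholder policy: issuer organisations the operator no longer trusts.
DISTRUSTED_ISSUERS = {"Distrusted Example CA"}


def _name_field(name, key):
    """Pull one attribute (e.g. organizationName) out of getpeercert()'s RDN tuples."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def _san_matches(host, pattern):
    """DNS SAN match; a leading '*.' wildcard covers exactly one label."""
    host, pattern = host.lower(), pattern.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return host == pattern


def check_peer_cert(cert, hostname, distrusted_issuers=DISTRUSTED_ISSUERS):
    """Return (ok, reason) for a certificate that already passed chain validation.

    The default ssl context verifies the chain and hostname; this adds an
    explicit issuer policy so a valid-but-distrusted CA is also refused.
    """
    sans = [v for (kind, v) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_san_matches(hostname, p) for p in sans):
        return False, f"no subjectAltName matches {hostname}"
    issuer_org = _name_field(cert.get("issuer", ()), "organizationName")
    if issuer_org in distrusted_issuers:
        return False, f"issuer {issuer_org!r} is distrusted by local policy"
    return True, "certificate acceptable"


def imap_login_strict(host, user, password, port=993, timeout=10):
    """Connect over TLS and log in only if the server certificate is acceptable.

    create_default_context() sets CERT_REQUIRED and check_hostname, so an
    untrusted or mismatched certificate raises instead of prompting a user.
    """
    ctx = ssl.create_default_context()
    client = imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=timeout)
    ok, reason = check_peer_cert(client.sock.getpeercert(), host)
    if not ok:
        client.shutdown()  # close without ever sending the password
        raise ssl.SSLCertVerificationError(f"refusing to send credentials: {reason}")
    client.login(user, password)
    return client


if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE_CERT), ("impostor", IMPOSTOR_CERT)):
        print(label, check_peer_cert(cert, "imap.example.net"))
```

Run stand-alone, the script evaluates the two constructed certificates against the host name `imap.example.net`; `imap_login_strict` is the same decision applied to a live connection, where a rejected certificate means the login never happens rather than a warning the user can click past.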

This incident followed MITM attacks against Google, Yahoo, and Apple services in China, as well as the complete blockage of Gmail on December 26, 2014, which forced Chinese users to rely on VPNs or local alternatives. Greatfire attributed the Outlook attack to Lu Wei and China’s Cyberspace Administration (CAC), alleging direct involvement or tacit approval. The watchdog linked the attack to China’s broader censorship strategy, emphasizing that foreign email services like Outlook and Gmail were being suppressed to push users toward government-monitored domestic platforms. Greatfire further criticized the China Internet Network Information Center (CNNIC), a CAC-governed certificate authority, urging Microsoft and Apple to revoke trust in its certificates due to security risks. The incident underscored escalating restrictions on foreign communication tools within China’s "Great Firewall" framework.
