Microsoft’s Outlook.com was recently subjected to a man-in-the-middle (MITM) attack in China. Greatfire.org reported about this attack today with the following information.
We have tested Outlook to verify the attack and have produced the same results. IMAP and SMTP for Outlook were under a MITM attack. Do note however that the web interfaces (https://outlook.com and https://login.live.com/ ) were not affected. The attack lasted for about a day and has now ceased.
GreatFire.org suspects that the Cyberspace Administration of China is directly responsible for this attack against Outlook.
We suspect that the Cyberspace Administration of China, which is directly in charge of censorship and GFW, is directly responsible for the MITM attack against Outlook, and the recent related MITM attacks in China. CNNIC (China Internet Network Information Center) is directly governed by the Cyberspace Administration of China and should not be trusted as a certificate authority by major software vendors.
We have outlined CNNIC’s dubious history in a previous blog post. Given the dangerous nature of this attack on Outlook, we again strongly encourage organizations, including Microsoft and Apple, to immediately revoke trust for the CNNIC certificate authority.
Read about it in detail from the link below.