Chinese hackers breached unclassified government email by foiling Microsoft security
U.S. military and intelligence agencies were not among those impacted in the hacking which took place in May and June, but the State Department was
U.S. officials say state-backed Chinese hackers foiled Microsoft’s cloud-based security to break into unclassified U.S. government email systems at an unspecified number of agencies including the State Department.
The extent of the hack was not immediately clear, but a person familiar with the hack investigation said U.S. military and intelligence agencies were not among those impacted. Another U.S. official said the State Department was the first agency to discover the breach.
The officials spoke on condition they not be further identified.
In a technical advisory Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI said Microsoft had determined the hackers accessed and stole data “from a small number of accounts” by impersonating authorized users.
Nevertheless, Senate intelligence committee chair Mark Warner issued a statement saying it was “closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence” that shows China is “steadily improving its cyber collection capabilities directed against the U.S. and our allies.”
The hack was focused on U.S. officials who deal with China and was discovered by the State Department shortly before Secretary of State Antony Blinken’s trip to Beijing last month. That trip went ahead as planned, although with customary information security procedures in place, which required his delegation to use “burner” phones and computers.
The official said the intrusion was “directly targeted” at diplomats and others who deal with the China portfolio at the State Department and other agencies. The official added that it was not yet clear if there had been any significant compromise of information, especially since it appeared directed at unclassified systems.
The hack was disclosed late Tuesday by Microsoft in a blog post. It said it was alerted to the breach, which it blamed on a state-backed, espionage-focused Chinese hacking group “known to target government agencies in Western Europe,” on June 16. Microsoft said the group, which it calls Storm-0558, had gained access to email accounts affecting about 25 organizations including government agencies since mid-May as well as to consumer accounts of individuals likely associated with those agencies.
Microsoft did not identify the agencies or the governments involved.
A spokesman for the U.S. National Security Council, Adam Hodge, said in a statement that “government safeguards” detected the intrusion and Microsoft was immediately contacted. “We continue to hold the procurement providers of the U.S. Government to a high security threshold.”
The Storm-0558 hackers broke in using forged authentication tokens — data used to verify the identity of a user — to access the email accounts, Microsoft said. It said it dealt with the vulnerability and informed affected customers.
U.S. National Security Adviser Jake Sullivan, at the NATO summit in Vilnius, Lithuania, told ABC’s “Good Morning America” the investigation is ongoing. “We detected it fairly rapidly and we were able to prevent further breaches,” Sullivan said. “The matter is still being investigated, so I have to leave it there because we’re gathering further information in consultation with Microsoft and we will continue to appraise the public as we learn more.”
A Chinese foreign ministry spokesman, Wang Wenbin, called the accusation “disinformation” aimed at diverting attention from U.S. cyberespionage against China.
“No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft,” Wang said in a routine briefing.
Last month, Google-owned cybersecurity firm Mandiant said suspected state-backed Chinese hackers broke into the networks of hundreds of public and private sector organizations globally exploiting a vulnerability in a popular email security tool.
Earlier this year, Microsoft said state-backed Chinese hackers were targeting U.S. critical infrastructure and could be laying the technical groundwork to disrupt critical communications between the U.S. and Asia during future crises.