According to American sources, state-sponsored Chinese hackers managed to get past Microsoft’s cloud-based security and access unclassified email systems at an unidentified number of government departments, including the State Department.
Although the scope of the attack was not immediately evident, a person familiar with the inquiry claimed that neither the U.S. military nor the intelligence agencies were affected.
Another American official claimed that the State Department was the first department to find the security hole.
The officials agreed to speak on the condition that they remain anonymous.
The U.S. issued a technical advisory on Wednesday.
Microsoft had discovered the hackers gained access to and stole data “from a small number of accounts” by pretending to be authorized users, according to the FBI and the Cybersecurity and Infrastructure Security Agency.
In spite of this, Mark Warner, the chair of the Senate intelligence committee, released a statement in which he said the committee was “closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence” that demonstrates China is “steadily improving its cyber collection capabilities directed against the U.S. and our allies.”
Shortly before Secretary of State Antony Blinken’s trip to Beijing last month, the State Department learned about the attack, which targeted American officials who work with China.
Although there were normal information security measures in place that required his participation, the trip proceeded as scheduled.
The official claimed that those who work for the State Department and other agencies that deal with the China portfolio were “directly targeted” by the intrusion.
The official continued that it was unclear at this point whether there had been a large information compromise, especially given that it looked to be targeted at unclassified systems.
In a blog post published late on Tuesday, Microsoft revealed the attack. It said it had received notice of the incident on June 16, and it attributed the attack to an espionage-focused Chinese hacking group that is “known to target government agencies in Western Europe.”
Microsoft reported that since mid-May, the group, known as Storm-0558, has gained access to email accounts affecting roughly 25 organizations, including government institutions, as well as to consumer accounts of individuals most likely.
Microsoft made no mention of the relevant organizations or governments.
Adam Hodge, a representative of the U.S. National Security Council, said in a statement that “government safeguards” discovered the infiltration and alerted Microsoft right away.
“We still hold the American procurement suppliers to a high standard and to a high security threshold by the government.”
According to Microsoft, the Storm-0558 hackers gained access to the email accounts by using fake authentication tokens, which are pieces of information used to confirm a user’s identity.
It said that it addressed vulnerabilities and alerted affected customers.