Chinese hackers successfully infiltrated various U.S. government entities, reportedly pilfering approximately 60,000 emails from senior officials at the State Department in May of this year, according to CNN. The news, relayed by a Senate staffer, sheds light on how Chinese cyber operatives allegedly combed through the email accounts of senior U.S. diplomats who focus on Pacific diplomacy, right before U.S. Secretary of State Antony Blinken’s critical visit to China in June.
The hackers primarily targeted the unclassified email accounts of nine State Department officials concentrating on East Asian and Pacific affairs. They also managed to compromise the email of another official responsible for European matters, as revealed by a Senate staffer from the office of Republican Senator Eric Schmitt of Missouri. This staffer, who chose to remain anonymous, attended a briefing provided by senior State Department IT officials to the Senate.
According to the Senate staffer, the hackers also gained access to a comprehensive list of State Department email addresses, potentially valuable information for any future hacking attempts directed at the State Department.
State Department spokesperson Matthew Miller confirmed in a press briefing that the hackers had breached approximately 60,000 State Department emails. He pointed out that this was a breach of Microsoft systems, which the State Department had discovered and reported to Microsoft.
While the State Department has not officially attributed the hack to any particular entity, Microsoft attributed it to a “China-based” hacking group. Miller mentioned that there was no reason to doubt Microsoft’s attribution.
The hackers exploited vulnerabilities in Microsoft email software, initially gaining access by breaching a Microsoft engineer, as stated by the company. This series of cyber intrusions underscores the significant advancements China has made in its cyber capabilities, as noted by experts cited by CNN. Consequently, U.S. lawmakers and Biden administration officials have begun examining the government’s reliance on Microsoft technology.
The cyber-espionage campaign reached the unclassified email accounts of individuals such as U.S. Ambassador to China Nicholas Burns, Commerce Secretary Gina Raimondo, and Daniel Kritenbrink, the Assistant Secretary of State for East Asia, who accompanied Blinken on his trip to China in June. Republican Representative Don Bacon of Nebraska, who has been a vocal critic of the Chinese government, also fell victim to the hackers.
In response to the hacking allegations, Chinese government officials accused the U.S. government of conducting cyberattacks against China. Senator Schmitt, in a statement to CNN, welcomed the briefing but emphasized that the investigation into the hacks was ongoing. He called for bolstering defenses against cyberattacks and scrutinizing the government’s reliance on a single technology vendor as a potential vulnerability.