Chinese intelligence hacked U.S. government emails
Over two dozen government agencies in Europe and the United States have been compromised by a Chinese cyber espionage group, according to government officials and Microsoft.
Government officials have acknowledged a cyberattack on U.S. government infrastructure for the second time in recent months.
Although the threat was contained shortly after it was first reported, the evidence shows that the hackers had access to government systems since at least May 2023.
According to Microsoft and U.S. national security officials, Chinese intelligence hacked into Microsoft email accounts belonging to two dozen government agencies in the U.S. and Western Europe.
Mark Warner, D-VA, chair of the Select Committee on Intelligence, said Wednesday that the Senate Intelligence Committee is closely monitoring what appears to be a significant cyber breach by Chinese intelligence. “There is no doubt that the PRC is steadily improving its cyber collection capabilities against the United States and our allies. Countering this threat will require close coordination between the U.S. government and the private sector.”
Warner’s spokesperson confirmed he had been briefed about the incident. On Wednesday, the State Department confirmed that it had also been affected.
“The Department of State detected anomalous activity, immediately took steps to secure our systems, and will continue to monitor and respond to any further activity,” a spokesperson said.
China-based actors have been spying on and stealing sensitive government and corporate data for years through Microsoft-powered email accounts at the agencies. It is possible that employees of the agencies were also compromised by the hacking group codenamed Storm-0558 by Microsoft.
Microsoft cybersecurity teams “mitigated” the compromise after it was first reported in mid-June 2023, the company said in blog posts about the incident. Company officials said hackers had been inside government systems since at least May.
“This was an advanced technique used by the threat actor against a limited number of high-value targets. Every time the technique was used, it increased the chances of the threat actor being caught,” said Charles Carmakal, senior vice president and chief technical officer at Mandiant. “Kudos to Microsoft for getting involved, figuring this out, fixing it, collaborating with partners, and being transparent.”
A potential intrusion into Microsoft was identified by U.S. government officials. It wasn’t clear which agencies were affected, although a bulletin from the FBI and the Cybersecurity and Infrastructure Security Agency said the first report was made by a single executive branch agency.
“The U.S. government discovered an intrusion into Microsoft’s cloud security last month, which affected unclassified systems. The National Security Council contacted Microsoft immediately to determine the source and vulnerability of their cloud service,” spokesperson Adam Hodge said in a statement to The Wall Street Journal. “As a result, we continue to hold U.S. government procurement providers to a high standard of security.”
Microsoft’s Exchange software is used almost universally across the public and private sectors. Because its software is so widely deployed and its clients are so high-profile, the company has invested heavily in cybersecurity research and threat containment.
Covington & Burling, for example, was compromised by Chinese hackers in 2020 using an exploit of Microsoft server software.
The disclosure comes months after Microsoft and top government officials acknowledged that another Chinese state-backed group was behind espionage efforts targeting “critical” U.S. civilian and military infrastructure, including a naval base in Guam.
It’s also a timely example of the kind of threat that U.S. national security officials have been warning about for months and years. Easterly, the top U.S. cybersecurity official, has called China an “epoch-defining” threat.