  • Chinese intelligence hacked State Department emails in ‘significant’ breach

    aum


    Key Points
     

    • European and U.S. government agencies, including the State Department, were infiltrated by a Chinese cyber espionage group, government officials and Microsoft warned, part of a wider espionage effort that affected over two dozen government agencies in Europe and the U.S.

     

    • It’s the second time in recent months that government officials have acknowledged a China-based cyberattack on U.S. government infrastructure.

     

    • The threat was contained shortly after it was first reported, but data suggests the hackers had access to government systems since at least May 2023.

     

    Chinese intelligence hacked into Microsoft email accounts belonging to two dozen government agencies, including the State Department, in the United States and Western Europe in a “significant” breach, according to Microsoft and U.S. national security officials.


    “The Senate Intelligence Committee is closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence,” Sen. Mark Warner, D-VA, and chair of the Select Committee on Intelligence said Wednesday. “It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies. Close coordination between the U.S. government and the private sector will be critical to countering this threat.”


    A spokesperson for Warner confirmed that he had been briefed on the incident. The State Department also confirmed that it had been impacted Wednesday.


    “The Department of State detected anomalous activity, took immediate steps to secure our systems, and will continue to closely monitor and quickly respond to any further activity,” a spokesperson told CNBC.


    The hackers accessed Microsoft-powered email accounts at the agencies as part of a continued effort by China-based actors to spy on and steal sensitive government and corporate data. The hacking group, code-named Storm-0558 by Microsoft, also compromised personal accounts “associated” with the agencies, likely those of agency employees.


    The compromise was “mitigated” by Microsoft cybersecurity teams after it was first reported to the company in mid-June 2023, Microsoft said in a pair of blog posts about the incidents. The hackers had been inside government systems since at least May, the company said.


    “This was a very advanced technique used by the threat actor against a limited number of high value targets. Each time the technique was used, it increased the chances of the threat actor getting caught,” said Google Cloud’s Mandiant senior vice president and chief technical officer Charles Carmakal. “Kudos to Microsoft for leaning in, figuring this out, remediating, collaborating with partners, and being transparent.”


    U.S. government officials identified the potential intrusion to Microsoft. The National Security Council didn’t identify which agencies had been impacted, although a bulletin from the FBI and the Cybersecurity and Infrastructure Security Agency said that the first report was made by a single executive-branch agency.


    “Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” National Security Council spokesperson Adam Hodge said in a statement to the Wall Street Journal. “We continue to hold the procurement providers of the U.S. government to a high security threshold.”


    Microsoft is a major government contractor and its Exchange software is used almost ubiquitously by public- and private-sector clients. The company has invested significantly in cybersecurity research and threat containment, given how commonplace its software is and how high-profile its many clients are.


    Top law firm Covington and Burling, for example, was compromised by Chinese hackers using an exploit of Microsoft server software in 2020.


    The latest compromise comes months after Microsoft and top government officials acknowledged that another Chinese state-backed group was behind espionage efforts that targeted “critical” U.S. civilian and military infrastructure, including a naval base in Guam.


    It’s also a timely example of the kind of threat that U.S. national security officials have been warning about for months and years. Jen Easterly, the top U.S. cybersecurity official, has called China an “epoch-defining” threat.

     

    Source

     

    Also:  Chinese hackers raided US government email accounts by exploiting Microsoft cloud bug.

