Chinese hackers with alleged state support successfully breached Microsoft's cloud-based security systems last month, hacking into the email accounts of officials from several U.S. agencies dealing with China. This breach came prior to Secretary of State Antony Blinken's visit to Beijing, authorities confirmed on Wednesday.
The hack was a focused and strategic espionage effort that allowed access to a handful of email accounts across an unspecified number of U.S. agencies. The discovery was made in mid-June by the U.S. State Department, officials reported, adding that no classified systems were compromised and the stolen data was not classified.
Commerce Secretary Gina Raimondo was among the hacked officials, according to The Washington Post. Her agency's export controls have impacted multiple Chinese companies.
Sources familiar with the investigation indicated that U.S. military and intelligence departments were not affected by this month-long cyber espionage effort, which also impacted unidentified foreign governments.
During a media briefing on Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI revealed that the hackers gained access by posing as authorized users. They refrained from detailing the nature of the stolen data. It remains unclear if there has been any major compromise of information, according to an official.
Secretary Blinken's trip proceeded as scheduled, with standard information security measures in effect, which necessitated the use of disposable ("burner") phones and computers in China.
Microsoft disclosed the hack late on Tuesday through a blog post, attributing it to a state-supported Chinese hacking group, Storm-0558, known for targeting Western European government agencies. Microsoft discovered the breach on June 16 and said it impacted around 25 organizations, including government agencies, since mid-May.
Neither Microsoft nor U.S. officials would specify the affected agencies or governments. A senior CISA official informed the press that fewer than ten organizations in the U.S. were affected.
Adam Hodge, a spokesperson for the U.S. National Security Council, stressed that government safety protocols detected the breach, stating that U.S. Government procurement providers are held to high security standards.
The hackers managed to break into the system using counterfeit authentication tokens. Charlie Bell, Microsoft's Executive VP for security, stated on the company's website that the hackers obtained a "consumer signing key."
Cybersecurity experts worry that this method could have been used widely to hack multiple non-enterprise Microsoft users. There's also concern over the risk of relying too heavily on a single technology provider, as pointed out by Adam Meyers, head of intelligence for cybersecurity firm CrowdStrike.
Chinese foreign ministry spokesperson Wang Wenbin responded to the allegations by calling them "disinformation" aimed at distracting from U.S. cyberespionage activities against China.
Recent reports from Google-owned cybersecurity firm Mandiant highlight a similar incident where state-supported Chinese hackers exploited a vulnerability in a popular email security tool to access the networks of hundreds of global public and private organizations. Microsoft has previously warned that Chinese hackers could be laying the groundwork to disrupt critical communications between the U.S. and Asia in potential future crises.