Chinese hackers broke into the US Commerce and State Departments, confirm Microsoft and US govt


According to U.S. officials and Microsoft, Chinese hackers with state affiliations have been covertly infiltrating email accounts at approximately 25 organizations, including two U.S. government agencies and Microsoft itself, since May. The U.S. government promptly detected the breach of federal government accounts and prevented further unauthorized access. The U.S. State and Commerce Departments confirmed in official statements that they were affected by the incident.


The Washington Post reported that Secretary of Commerce Gina Raimondo’s email and Department of State officials’ accounts were compromised. Raimondo is the only known Cabinet-level official whose account was breached in this incident.

However, a senior U.S. government official cautioned against comparing this intrusion to the SolarWinds compromise, a wide-ranging cyber-attack attributed to Russian cyber spies that came to light in late 2020. The official described the recently discovered campaign as being significantly narrower in scope.

Regarding Microsoft’s attribution of the hack to China, the U.S. official refrained from commenting. In their statement, Microsoft revealed that the hacking group, Storm-0558, employed the tactic of forging digital authentication tokens to gain unauthorized access to webmail accounts hosted on the company’s Outlook service. The illicit activity began in May, as stated by Microsoft.

Microsoft stated that in response to the observed nation-state actor activity, they have directly contacted all targeted or compromised organizations through their tenant administrators. Microsoft has provided these organizations with important information to assist their investigation and response efforts.

While Microsoft did not disclose the specific organizations or governments affected, they noted that the hacking group primarily targets entities in Western Europe.

China’s embassy in London dismissed the accusation as “disinformation” and referred to the U.S. government as “the world’s biggest hacking empire and global cyber thief.” Regardless of available evidence or context, China consistently denies involvement in hacking operations.

According to Adam Hodge, a White House National Security Council spokesperson, the intrusion in Microsoft’s cloud security impacted unclassified systems, but no further details were provided.

Hodge stated that officials immediately contacted Microsoft to identify the source of the breach and the vulnerability in their cloud service.

The State Department acknowledged detecting anomalous activity and promptly took measures to secure their systems, as stated by a department spokesperson. The Commerce Department also indicated that they took immediate action upon receiving notification of the compromise from Microsoft.

Cybersecurity experts in the private sector have noted that the newly discovered hacking activity demonstrates the improvement of Chinese groups’ cyber capabilities.

John Hultquist, the chief analyst for the U.S. cybersecurity firm Mandiant, remarked, “Chinese cyber espionage has evolved significantly from the crude tactics that many of us are familiar with.”
