Hackers associated with the Chinese government gained access to about 60,000 emails from the unclassified inboxes of State Department workers as part of a major hack earlier this summer, according to a readout from a Senate staff briefing on 27 September. The hackers managed to access the emails after they breached Microsoft’s email platform earlier this year.
The newly revealed information on the previously known hacking episode which also affected Commerce Secretary Gina Raimondo is reportedly going to increase congressional concerns about Chinese hacking activities which have intensified this year.
In accordance with a Senate staffer who works for Republican Senator Eric Stephen Schmitt from Missouri, top officials from the State Department revealed the new details of the hack during a Capitol Hill briefing for employees. The person was present for a briefing by State Department IT officials which informed lawmakers that 60,000 emails were taken from 10 State Department accounts.
The details which were provided through email mentioned that nine of the victims were working on East Asia and the Pacific while one was concentrated on Europe. Approximately 25 organisations, including the U.S. Commerce and State Departments, had their email accounts compromised since May, per information released in July by U.S. officials and Microsoft. The scope of the compromise continues to be unknown.
The United States’ accusations that China was responsible for the breach have deteriorated relations between the two nations which were already fragile. However, Beijing has refuted the allegations.
The State Department staff whose accounts were attacked largely worked on Indo-Pacific diplomatic initiatives. The hackers also got their hands on a list of all the department’s correspondence, based on the revelation in the briefing.
The massive intrusion has brought Microsoft’s disproportionate contribution to the U.S. government’s IT services back into the spotlight. According to the officials at the briefing, the State Department has started transitioning to “hybrid” settings with numerous vendor businesses and boosted acceptance of multi-factor authentication as part of attempts to defend its systems.
The State Department’s email accounts had been obtained by the hackers when they took control of a Microsoft engineer’s device. Microsoft stated earlier this month that the penetration of a Microsoft engineer’s corporate account was the cause of a hack of senior officials in the U.S. State and Commerce Departments.
There were no instantaneous comments from a Microsoft spokesperson regarding the Senate briefing. The business which has been under fire for its security procedures since the breaches asserted that the hacking gang responsible for them known as Storm-0558 had gained possession of webmail accounts that were using the company’s Outlook service.
The Chinese government was criticised by Gina Raimondo and other officials for the hack of her account during a recent trip to China, however, the State Department has not officially blamed the country for the occurrence.
The nature of the content of the emails is yet unclear. Officials from the United States attached a little importance to the instance and contended that no critical data was exposed and the online assault did not impact classified email accounts. The violations happened just before Secretary of State Antony J. Blinken’s trip to China.
He was the first in a line of cabinet members who travelled as part of the Joe Biden administration’s initiatives to mend strained diplomatic ties between Washington and Beijing while also placing limitations on American involvement in specific Chinese industries.
The US government officials told Senate staff members that the hackers broke into the State Department email accounts utilising one stolen Microsoft certificate and that token was likewise employed to infiltrate 25 organisations and government agencies.
Eric Schmitt highlighted that the government’s reliance on independent vendors to support systems, in this case Microsoft, had led to unacceptable weaknesses in the system. He pressed the Defence Department to examine its own reliance on technologies from the same single vendor.
He proclaimed, “We need to harden our defences against these types of cyberattacks and intrusions. We need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point,” in a statement as reported by the staffer. He vowed to press government representatives “for more answers to ensure China and other nefarious actors do not gain access to the federal government’s most sensitive information.”
