According to US officials and Microsoft, state-affiliated Chinese hackers have been covertly accessing email accounts at approximately 25 organizations, including two US government agencies and Microsoft itself, since May. The US government detected the breach of federal government accounts promptly and prevented further unauthorized access. Both the US State and Commerce Departments confirmed in official statements that they were affected by the incident.
The Washington Post reported that Secretary of Commerce Gina Raimondo’s email account, as well as the accounts of Department of State officials, were compromised. Raimondo is the only known Cabinet-level official whose account was breached in this particular incident.
However, a senior US government official cautioned against comparing this intrusion to the SolarWinds compromise, a wide-ranging cyber-attack attributed to Russian cyberspies that came to light in late 2020. The official described the recently discovered campaign as being significantly narrower in scope.
The US official declined to comment on Microsoft’s attribution of the hack to China. In its statement, Microsoft said that the hacking group, tracked as Storm-0558, forged digital authentication tokens to gain unauthorized access to webmail accounts hosted on the company’s Outlook service. According to Microsoft, the illicit activity began in May.
Microsoft stated that in response to the observed nation-state actor activity, they have directly contacted all targeted or compromised organizations through their tenant administrators. Microsoft has provided these organizations with important information to assist in their investigation and response efforts.
While Microsoft did not disclose the specific organizations or governments affected, they noted that the hacking group primarily targets entities in Western Europe.
China’s embassy in London dismissed the accusation as “disinformation” and referred to the U.S. government as “the world’s biggest hacking empire and global cyber thief.” China consistently denies involvement in hacking operations, regardless of available evidence or context.
According to Adam Hodge, a spokesperson for the White House National Security Council, the intrusion into Microsoft’s cloud service affected unclassified systems; no further details were provided.
Hodge stated that officials immediately reached out to Microsoft to identify the source of the breach and the vulnerability in their cloud service.
The State Department acknowledged detecting anomalous activity and promptly took measures to secure their systems, as stated by a department spokesperson. The Commerce Department also stated that they took immediate action upon receiving notification of the compromise from Microsoft.
Cybersecurity experts in the private sector have noted that the newly discovered hacking activity shows that Chinese groups have improved their cyber capabilities.
John Hultquist, the chief analyst for the U.S. cybersecurity firm Mandiant, remarked, “Chinese cyber espionage has evolved significantly from the crude tactics that many of us are familiar with.”