Chinese hackers managed to steal 60,000 emails from U.S. State Department officials earlier this year, a Senate staffer briefed on the matter has claimed.
Major cyberattack: Senior State Department IT officials disclosed the new information at a press briefing in the U.S. Senate on Wednesday. A staffer working for Sen. Eric Schmitt (R-MO) who attended the briefing told Reuters that the breach compromised the Microsoft email accounts of nine State Department officials focused on East Asia and the Pacific, and of another official who works on European issues.
The accessed information included sensitive data, such as travel itineraries and diplomatic discussions. The intrusions occurred in May, ahead of Secretary of State Antony Blinken’s planned trip to China the following month.
How it happened: The hackers reportedly exploited a vulnerability in Microsoft’s systems, facilitated by the theft of a token from a Microsoft engineer. This allowed them to gain unauthorized access to the email accounts of the officials.
The scope of the breach extended beyond the State Department, affecting a total of 25 entities, including the Department of Commerce.
Links to Chinese hacking group: State Department spokesperson Matthew Miller confirmed the breach during a press conference on Sept. 28.
“[T]his was a hack of Microsoft systems that the State Department uncovered and notified Microsoft about,” Miller said. “We have no reason to doubt [Microsoft’s] attribution in this case.”
While the State Department did not formally attribute the hack to China, Microsoft has previously blamed a “China-based” hacking group for the breach back in July. Beijing denied involvement at the time.
Fallout and response: The cyberattack has intensified concerns on Capitol Hill regarding Chinese hacking activities. U.S. lawmakers and Biden administration officials scrutinized the government’s reliance on a single vendor, citing it as a potential weakness in the government’s security infrastructure.
In response to the breach, the State Department has reportedly started transferring its data to “hybrid” environments with different vendors and has implemented multi-factor authentication.