Chinese cyberspies, exploiting a fundamental gap in Microsoft’s cloud, hacked email accounts at the Commerce and State departments, including that of Commerce Secretary Gina Raimondo — whose agency has imposed stiff export controls on Chinese technologies that Beijing has denounced as a malicious attempt to suppress its companies.
Raimondo is the only known Cabinet-level official to have their account compromised in the targeted cyberespionage campaign, according to U.S. officials familiar with the matter, who spoke on the condition of anonymity due to the matter’s sensitivity.
The breaches have been mitigated, officials said, but an FBI investigation continues. The Microsoft vulnerability was discovered last month by the State Department. Also targeted were the email accounts of a congressional staffer, a U.S. human rights advocate, and U.S. think tanks, officials and security professionals said.
State and Commerce were the only two executive branch agencies known to be breached, officials said. The hackers, looking for information useful to the Chinese government, had access to the email accounts for about a month before the issue was discovered and access cut off, said officials. The intrusion was discovered around the time of Secretary of State Antony Blinken’s trip to Beijing.
“U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems,” National Security Council spokesman Adam Hodges said in a statement Tuesday to The Washington Post. “Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service. We continue to hold the procurement providers of the U.S. government to a high security threshold.”
A senior FBI official said that no classified information was taken and that there was no evidence that the hackers got anywhere except the inboxes. He said the government was not yet attributing the attack to any country or group but would seek to “impose costs” on the adversary.
A senior Department of Homeland Security official said that nine organizations were victimized in the United States, with a small number of email accounts compromised at each. Microsoft said a total of about 25 organizations worldwide were hacked.
Since taking office, the Biden administration has moved to limit the export of U.S. technologies that it says can aid China’s aggressive military modernization, surveillance capabilities and deployment of weapons of mass destruction. Such controls are overseen by the Commerce Department, which has also placed Chinese companies on export blacklists.
The administration is preparing an expansion of export controls as well as new restrictions on Chinese investment in advanced technologies. Given the forward role that these tools are playing in the administration’s strategy to compete with China, Beijing sees Raimondo as a “particularly important target … to understand her personal views,” said Emily Kilcrease, senior fellow at the Center for a New American Security and an economic security official at the Commerce Department in the Obama and Trump administrations.
Microsoft disclosed late Tuesday that it had mitigated an attack by “a China-based threat actor” that primarily targets government agencies in Western Europe and focuses on espionage and data theft.
The Redmond, Wash.-based tech giant said the hackers, whom the firm calls Storm-0558, gained access on May 15. They did this by using forged authentication tokens to access user email using “an acquired Microsoft account consumer signing key,” according to a blog written by Charlie Bell, Microsoft’s executive vice president of security.
The hackers could create that key only with a more powerful internal key controlled by Microsoft, said Adam Meyers, senior vice president of CrowdStrike, suggesting that Microsoft itself had been hacked or compromised by an insider.