**State-Backed Chinese Hackers Breach U.S. Agencies’ Email Accounts**
State-backed Chinese hackers managed to hack into the email accounts of officials at several U.S. agencies ahead of Secretary of State Antony Blinken’s visit to Beijing last month, according to officials on Wednesday. The hackers used targeted and surgical methods to gain access to the email accounts of a small number of individuals at undisclosed U.S. agencies. The breach was discovered in mid-June by the State Department, and officials confirmed that none of the breached systems were classified and no data was stolen.
**Targeted Espionage Affects U.S. Agencies**
The hacking campaign, which lasted for a month, did not impact U.S. military and intelligence agencies. The officials, who requested anonymity to discuss the breach, did not provide any details about the foreign governments affected.
**Microsoft Reveals the Hack**
In a technical advisory and during a call with reporters, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed that Microsoft had determined how the hackers gained access. According to Microsoft, the hackers impersonated authorized users to gain entry into the email accounts. Although officials did not disclose the nature of the stolen data, it was revealed that the intrusion directly targeted diplomats and individuals involved in the China portfolio at the State Department and other agencies. It remains unclear if any significant compromise of information occurred.
**Secretary Blinken’s Trip Proceeds with Enhanced Security Measures**
Despite the breach, Secretary Blinken’s trip to Beijing continued as planned. However, enhanced information security measures were implemented, including the use of “burner” phones and computers by the delegation in China.
**Microsoft Identifies the State-Backed Group**
Microsoft disclosed the hack in a blog post, attributing it to a state-backed Chinese hacking group known as Storm-0558. The group has previously targeted government agencies in Western Europe. According to Microsoft, the hackers gained access to email accounts at approximately 25 organizations, including government agencies and consumer accounts associated with those agencies.
**United States Only Marginally Affected**
While Microsoft and U.S. officials did not identify the impacted agencies or governments, a senior CISA official stated that only a few of the organizations were within the United States. It is unclear if U.S. officials hold Microsoft responsible for the breach. However, the U.S. National Security Council emphasized that the breach was detected through government safeguards. It also emphasized the need to hold the U.S. Government's procurement providers to high security standards.
**Attack Method: Forged Authentication Tokens**
The state-backed hackers gained unauthorized access to the email accounts by using forged authentication tokens, which are pieces of data used to verify a user’s identity. How the hackers accomplished this remains a mystery, but there are concerns about the widespread use of forged tokens against various Microsoft users. Cybersecurity researcher Jake Williams, a former National Security Agency hacker, speculates that dissidents on personal subscriptions might have also been targeted using this method.
**China Denies Accusations**
A spokesman for the Chinese foreign ministry dismissed the U.S. accusation of hacking as disinformation. The spokesman, Wang Wenbin, suggested that the United States diverts attention from its own cyber espionage against China. The Chinese government also stressed that hacking is not a violation of international law and pointed out that U.S. intelligence agencies use hacking as an espionage tool.
**China’s Persistent Cyber Espionage**
Officials have accused China of engaging in cyber espionage for geopolitical advantages. China has a long history of stealing U.S. and allied intellectual property, as well as hacking into U.S. government personnel records. Senator Mark Warner, chair of the Senate intelligence committee, commented that the recent breach demonstrates China’s continuous improvement in its cyber collection capabilities targeting the U.S. and its allies.
**Previous Incidents of Chinese Hacking**
Earlier this year, Google-owned cybersecurity firm Mandiant reported that suspected state-backed Chinese hackers had breached the networks of numerous public and private sector organizations worldwide. In this instance, the hackers exploited a vulnerability in a popular email security tool. Microsoft also revealed earlier this year that state-backed Chinese hackers were targeting critical infrastructure in the United States, potentially posing a threat to future communications between the U.S. and Asia during crises.
In conclusion, state-backed Chinese hackers successfully breached the email accounts of U.S. agency officials involved in China-related matters. While the breach did not impact classified systems and data, it highlights the persistent cybersecurity challenges faced by governments and organizations worldwide. As countries increasingly rely on digital assets and face sophisticated cyber threats, robust security measures and continuous monitoring are crucial to safeguard sensitive information.