Chinese hackers stole 60,000 e-mails from US State Department in Microsoft hack: Source
Sign up now: Get ST's newsletters delivered to your inbox
The e-mails were stolen from 10 different State Department accounts.
PHOTO: REUTERS
Follow topic:
WASHINGTON – Chinese hackers who breached Microsoft’s e-mail platform earlier in 2023
The staff member, who attended a briefing of State Department information technology officials, said officials told lawmakers 60,000 e-mails were stolen from 10 different State Department accounts.
Nine of those accounts involved work on East Asia and the Pacific, and one involved Europe, according to the briefing details shared via e-mail by the staff member, who declined to be named.
The staff member works for Senator Eric Schmitt.
US officials and Microsoft said in July that since May, Chinese state-linked hackers had accessed e-mail accounts of around 25 organisations, including the US Commerce and State departments.
The extent of the compromise remains unclear.
US allegations that China was behind the breach have strained an already tense relationship between the countries, as Beijing denied the charges.
The State Department individuals whose accounts were compromised mostly focused on Indo-Pacific diplomacy efforts, and the hackers also obtained a list containing all the department’s e-mails, according to the Wednesday briefing.
The sweeping hack has refocused attention on Microsoft’s outsized role in providing IT services to the United States government.
The State Department has begun moving to “hybrid” environments with multiple vendor companies and improved uptake of multifactor authentication, as part of measures to protect its systems, according to officials at the briefing.
The hackers compromised a Microsoft engineer’s device that allowed them to breach the State Department’s e-mail accounts, according to the briefing.
Microsoft earlier in September said a hack of senior officials’ accounts at the US State and Commerce departments stemmed from the compromise of a Microsoft engineer’s corporate account.
“We need to harden our defences against these types of cyber attacks and intrusions,” Mr Schmitt said in a statement shared by the staff member in an e-mail to Reuters following the briefing.
“We need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point,” he added.
A Microsoft spokesman did not have an immediate comment on the Senate briefing.
The company, which has faced criticism over its security practices since the breaches, has said the hacking group behind them – dubbed Storm-0558 – had broken into webmail accounts running on the firm’s Outlook service.
The US State Department did not immediately return a message seeking comment on Wednesday, and Mr Schmitt was not available for an interview. REUTERS
