On Tuesday evening, Microsoft disclosed that a group known for its focus on infiltrating Western governments for espionage purposes had compromised certain accounts. The company stated that hackers based in China had recently accessed the email accounts of approximately 25 organizations, including numerous government agencies.
A spokesperson confirmed on Wednesday that the State Department was among the victims. The department was the first to notify Microsoft and U.S. government cybersecurity officials about the hacking operation. The Cybersecurity and Infrastructure Security Agency (CISA), a federal cybersecurity authority, announced on Wednesday that it became aware of the breach in mid-June.
Although Microsoft didn’t reveal the identities of the countries or agencies affected, it noted that the group’s primary objective is to hack Western governments for spying purposes. The company worked with CISA to expel the hackers, suggesting that U.S. organizations were victimized.
Sen. Mark Warner (D-VA), Chairman of the Senate Intelligence Committee, stated that he and other committee members were “closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence.” Warner emphasized the importance of close collaboration between the U.S. government and the private sector to counter this threat, noting, “It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies.”
On a press call on Wednesday, a high-ranking CISA official, who wished to remain anonymous, declined to reveal the exact number of other U.S. federal agencies affected, but indicated that the number was fewer than ten.
Microsoft stated in a report released Tuesday evening that the hacks began on May 15 and remained undetected until June 16. The hackers primarily aimed to gain access to email accounts, and they no longer have that access, according to the report.
The CISA official stated that the hackers had the ability to view victims’ emails and seemed to target only a select few individuals. The official described the operation as a “very targeted, surgical campaign,” and noted that only unclassified mailboxes were compromised.
The State Department immediately took steps to secure its system, according to a spokesperson. Matthew Miller, a State Department spokesperson, stated, “As a matter of cybersecurity policy, we do not discuss the details of our response. The incident remains under investigation. And we continuously monitor our networks and update our security procedures.”
Microsoft did not speculate about the hacker group’s potential affiliation with the Chinese government. Unlike their counterparts in Russia or Iran, Chinese hackers generally focus more on espionage than disruption, and are considered among the world’s most active cyber spies.
The Chinese Embassy in Washington, D.C., did not immediately respond to a request for comment. A representative from the Chinese Foreign Ministry dismissed allegations of government involvement as “disinformation” in a statement to The Associated Press.