Chinese hackers successfully breached the U.S. State Department’s cybersecurity defenses during a cyber campaign that specifically targeted Microsoft systems, resulting in unauthorized access to 60,000 State Department emails. This significant breach was uncovered in July but was only disclosed recently to Senate staff.
According to information provided to Senate staff on September 27, these compromised emails were associated with 10 State Department accounts. Notably, nine of these accounts were linked to diplomatic efforts in the Indo-Pacific region, primarily focusing on East Asia and Pacific affairs, with one account focused on European affairs. Additionally, the hackers managed to access officials’ travel itineraries and obtained a list of all State Department email addresses. The breach also exposed fewer than 10 Social Security numbers.
Approximately 30 to 40 Senate staffers from both sides of the political spectrum were briefed on the cyberattack, shedding light on the extent of the Chinese hacking campaign. The campaign, which spanned over a month starting in May, targeted accounts from 25 entities globally, including high-profile individuals like Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink.
The timing of the attack coincided with Secretary of State Antony Blinken’s preparations for a prominent trip to China aimed at improving bilateral relations, potentially providing the Chinese government with insights into U.S. strategy.
While the State Department has not officially attributed the breach, Microsoft has traced it back to the Chinese state. State Department spokesperson Matthew Miller confirmed that the attack was indeed a hack of Microsoft systems, and the State Department reported it to Microsoft.
In their briefing on September 27, State Department officials revealed that the cyberattackers infiltrated a device belonging to one of Microsoft’s engineers and stole a certificate, allowing them to breach the State Department’s network and gain access to two dozen other targeted entities.
This breach has raised concerns about the U.S. government’s reliance on Microsoft as its sole vendor for cybersecurity services. In response, the Department of Homeland Security’s Cyber Safety Review Board, composed of government and industry experts, has initiated an investigation into the potential systemic risk associated with cloud computing.
State Department officials at the briefing announced that, in an effort to bolster its cybersecurity measures, the department is in the process of transitioning to “hybrid environments” involving multiple vendors.
Senator Eric Schmitt, who had previously led an inquiry into the Chinese cyberattack in late July, emphasized the importance of countering such foreign cyberattacks. He stressed that the investigation is far from over and highlighted the need to fortify defenses against cyber intrusions while examining the federal government’s dependence on a single vendor.
Representative Don Bacon, who reported being targeted by the same Chinese hackers in August, linked the cyber threat to his advocacy for Taiwan and emphasized the need to enhance U.S. alliances in the Asia-Pacific region.