Chinese Hack of Microsoft Engineer Opened Door to US Government Email Breach

A Chinese hacking group hacked the account of a Microsoft engineer, giving it access to a cryptographic key the group later used to break into U.S. government accounts.
An unnamed Chinese hacker using his computer at an office in Dongguan, in China's southern Guangdong Province, on Aug. 4, 2020. (Nicolas Asfouri/AFP via Getty Images)
Eva Fu
9/7/2023
Updated: 9/7/2023

The recently uncovered Chinese hack of hundreds of thousands of emails from top U.S. officials began with the breach of a Microsoft engineer’s account, the company stated on Sept. 6.

The Chinese hacking group, which Microsoft dubbed Storm-0558, penetrated the engineer’s account, giving it access to a cryptographic key that the group later used to break into the U.S. government accounts, Microsoft said in a blog post after a months-long investigation.

The revelation offered details on a Chinese state-sponsored cyberattack that alarmed Washington. The attack spanned 25 organizations and affected the State and Commerce departments, as well as at least one lawmaker and a Washington think tank.
Among the individuals whose email systems were breached were Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink. Rep. Don Bacon (R-Neb.) said in August that he was also a victim of the hacking campaign.

Microsoft stated that the Chinese hackers had likely exploited an April 2021 crash of the company’s internal system that leaked the key, to which the engineer’s corporate account had access. The hacker group subsequently forged credentials to compromise Microsoft’s Outlook on the web and Outlook systems. The tech giant stated that it has corrected the technical vulnerabilities.

The hacking attempt surfaced at a sensitive time. The investigation began the same day that Secretary of State Antony Blinken headed to China to engage with senior Chinese officials, the highest-ranking official under the Biden administration to do so. CNN, citing two unnamed U.S. officials, reported in July that the Biden administration believes that the hacking operation had given Beijing clues about U.S. thinking ahead of the U.S. visit.

Concerns over the hack in August led the House Committee on Oversight and Accountability to request a briefing with Mr. Blinken and Ms. Raimondo to learn about the impact of the cyberattacks on their institutions.
In July, Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, said the hack demonstrates the urgency for the U.S. government and the private sector to closely coordinate to counter the Chinese threats. It’s clear that Beijing is “steadily improving its cyber collection capabilities directed against the U.S. and our allies,” he said.

The breach also called attention to Microsoft’s security system. The Department of Homeland Security’s Cyber Safety Review Board, a panel of government and industry experts, has launched a probe to examine the potential systemic risk in cloud computing.

The Microsoft breach represents only a drop in the bucket of cyberattacks from China.

Cybersecurity firm Mandiant stated in June that state-backed Chinese hackers had exploited a loophole to intrude into the networks of hundreds of public and private sector organizations around the globe; a third of the breaches involved government agencies.

Cyber Espionage

Microsoft and various cybersecurity agencies under the Five Eyes alliance in May also warned about malicious activities from Chinese cyber espionage group Volt Typhoon targeting a wide range of networks across U.S. critical infrastructure.

According to Microsoft, these hackers attempted to “disrupt critical communications infrastructure between the United States and Asia region during future crises,” including manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.

The company also noted the risk for military facilities in Guam in the Western Pacific that are key in responding to conflicts in the Asia-Pacific region.

“It’s a fairly rare thing to put out something like this so publicly and, of course, it runs a risk of frightening people, and we probably have good reasons to be frightened,” Thomas Patrick Keenan, a professor at the University of Calgary, told The Epoch Times earlier.

Ms. Raimondo said she has challenged Chinese officials over the email hacking during her trip to China.

“I was very clear, direct, and firm in all of my conversations with my Chinese counterparts. I didn’t pull any punches. I didn’t sugarcoat anything, and no one is more realistic than I am about the challenges as it relates to the hack,” she told CNN’s State of the Union.

The operation “erodes trust,” according to Ms. Raimondo.

“I wanted to be clear with them that we aren’t foolish,” she said. “We aren’t close-eyed to the reality of what they’re trying to do.”

Ms. Raimondo said the Chinese officials had denied any knowledge of the incident and instead suggested that it wasn’t intentional.

“But I think it was important that I put it on the table and let them know ... that it’s hard to build trust when you have actions like that,” she said.

Eva Fu is a New York-based writer for The Epoch Times focusing on U.S. politics, U.S.-China relations, religious freedom, and human rights.