sourcegraph
April 24, 2024

Chinese hackers attempted to break into specific email accounts at the U.S. State Department and Commerce Department in the weeks leading up to Secretary of State Antony J. Blinken’s visit to Beijing in June, U.S. officials said Wednesday.

U.S. officials said an investigation into the Chinese hackers, who may be affiliated with the Chinese military or spy services, is ongoing. But U.S. officials played down claims that hackers stole sensitive information, insisting no classified emails or cloud systems were infiltrated. The U.S. State Department’s cybersecurity team first discovered the intrusion.

The attack targeted individual email accounts, not the massive data breaches that Chinese hackers have previously been implicated in, multiple officials said. Biden administration officials declined to say which officials had been targeted by the hackers.

Microsoft disclosed the hack on Tuesday, saying that according to the company’s investigation, the hacking began in May. The State Department discovered the intrusion on June 16 and notified Microsoft that day, before Blinken left for Beijing, a U.S. official said. He left Washington that night.

The visit is crucial for both Washington and Beijing: the first by a US secretary of state in five years and aimed at building high-level communication channels and improving deteriorating ties. Treasury Secretary Janet Yellen has since visited Beijing, and climate envoy John Kerry is scheduled to arrive in Beijing on Sunday for four days of talks.

In November, President Biden and Chinese leader Xi Jinping met in Bali, Indonesia, and agreed to work on a stable relationship. But tensions rose between the two countries in early February after the Pentagon spotted and shot down a Chinese spy balloon floating over the continental United States. Blinken canceled a trip to China during that time; weeks later, he publicly accused Beijing of considering military aid to Russia for use in Ukraine.

A senior State Department official, speaking on condition of anonymity to discuss the sensitive incident, said the hack initially did not appear to be directly related to Blinken’s rescheduled trip. Other officials cautioned that the investigation into what material, if any, was stolen by the hackers was still in its early stages.

The State Department said in a statement on Wednesday that after detecting “unusual activity,” the government took steps to secure systems and “will continue to closely monitor any further activity and respond promptly.”

The Commerce Department was notified by Microsoft that its cloud-based email had been infiltrated, according to a spokesperson. Microsoft has begun looking for other compromises after the State Department warned the company of the vulnerability. The Commerce Department has been spearheading the implementation of export controls to prevent the Chinese military from obtaining critical U.S. technology, a move that has been a headache for Beijing.

After the U.S. State Department reported the hack to Microsoft, the company found that hackers also targeted about 25 organizations, including government agencies. Some of those organizations are based overseas and the number of U.S. organizations affected is in the single digits, an official with the U.S. Cybersecurity and Infrastructure Security Agency said.

U.S. officials said the hackers targeted only a few email accounts in each organization, rather than a widespread breach. But neither U.S. officials nor Microsoft have said how many accounts they believe may have been hacked by China.

The U.S. government has yet to officially blame China for the attack, perhaps because the Biden administration is trying to keep talks with Beijing on track. But privately, U.S. officials said they agreed with Microsoft’s attribution of the hack to China, saying it had the hallmarks of a sophisticated state-backed attack.

The intrusions, which U.S. officials have described as surgical, stand in stark contrast to the SolarWinds hacks of 2019 and 2020, when Russian intelligence agencies exploited vulnerabilities in the software supply chain to gain access to thousands of computer networks.

Spy agencies are often wise to hack into adversarial networks, trying to extract as much information as possible without being detected.

The United States and China are locked in a growing intelligence rivalry, with each government seeking to expand its intelligence-gathering efforts against the other. U.S. officials said that while such espionage and hacking were expected, they were conducting a robust investigation to close the loopholes Chinese hackers used against the State Department and other potential security gaps in cloud computing.

On Wednesday, U.S. officials said State Department cybersecurity experts discovered the intrusion by reviewing email access logs, which record which emails were accessed and when.

U.S. officials said Microsoft charges organizations extra for routine access to the logs. Some of the entities affected by the hack didn’t have this access, meaning they couldn’t detect the intrusion without Microsoft’s help. U.S. officials have been urging Microsoft to provide access logs to all organizations with cloud computing contracts with it.

The State Department is a frequent target of foreign government hacking. Russian intelligence agencies have repeatedly targeted State Department computer networks. In 2014 and 2015, Russian hackers breached the State Department, the Joint Chiefs of Staff and the White House, among other important but unclassified computer networks.


