Chinese intelligence hacked into Microsoft email accounts belonging to two dozen government agencies, including the State Department, in the United States and Western Europe in a “significant” breach, according to Microsoft and US national security officials.
“The Senate Intelligence Committee is closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence,” Sen. Mark Warner, D-VA, chairman of the Select Committee on Intelligence, said Wednesday. “It is clear that the PRC is constantly improving its cyber collection capabilities directed against the US and our allies. Close coordination between the US government and the private sector will be critical to countering this threat.”
A Warner spokesperson confirmed that it had been briefed on the incident. The State Department also confirmed on Wednesday that it had been affected.
“The Department of State detected anomalous activity, took immediate action to secure our systems, and will continue to closely monitor and quickly respond to any additional activity,” a spokesperson told CNBC.
Hackers accessed Microsoft email accounts at the agencies as part of an ongoing effort by China-based actors to spy on and steal sensitive government and corporate data. The hacking group, codenamed Storm-0558 by Microsoft, also compromised personal accounts “associated” with the agencies, likely those of agency employees.
The compromise was “mitigated” by Microsoft cybersecurity teams after it was first reported to the company in mid-June 2023, Microsoft said in a pair of blog posts about the incidents. The hackers had been inside government systems since at least May, the company said.
“This was a very advanced technique used by the threat actor against a limited number of high-value targets. Each time the technique was used, the chances of the threat actor getting caught increased,” said Charles Carmakal, SVP and Chief Technology Officer at Google Cloud's Mandiant. “Kudos to Microsoft for standing up for each other, solving this, remediating this, collaborating with partners, and being transparent.”
US government officials identified the possible intrusion at Microsoft. The National Security Council did not identify which agencies had been affected, although a bulletin from the FBI and the Cybersecurity and Infrastructure Security Agency said the first report was made by a single executive branch agency.
“Last month, US government security measures identified a Microsoft cloud security breach, affecting unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” National Security Council spokesman Adam Hodge said in a statement sent to The Wall Street Journal. “We continue to hold US government procurement vendors to a high security threshold.”
Microsoft is a major government contractor, and its Exchange software is used almost everywhere by private and public sector customers. The company has invested significantly in cybersecurity research and threat containment, given how common its software is and how high-profile its many customers are.
The major law firm Covington and Burling, for example, was compromised by Chinese hackers using a Microsoft server software exploit in 2020.
The latest compromise comes months after Microsoft and top government officials acknowledged that another Chinese state-backed group was behind spying efforts targeting “critical” US civilian and military infrastructure, including a naval base on Guam.
It’s also a timely example of the kind of threat that US national security officials have been warning about for months and years. Jen Easterly, the top US cybersecurity official, has called China an “epoch-defining” threat.