Chinese hackers attempted to break into specific State Department email accounts in the weeks before Secretary of State Antony J. Blinken traveled to Beijing in June, US officials said Wednesday.
The investigation into the efforts of the Chinese hackers, who are likely affiliated with China’s military or spy services, is ongoing, US officials said. But US officials have downplayed the idea that hackers stole sensitive information, insisting that no classified emails or cloud systems were penetrated. The State Department’s cybersecurity team first discovered the intrusion.
Several officials said the attack was aimed at individual email accounts, rather than being a large-scale data breach of the kind Chinese hackers are suspected of having carried out before. Biden administration officials declined to identify which officials had been targeted by the Chinese hackers.
Microsoft, which disclosed the attack on Tuesday, said its investigation found that the attack began in May. The State Department discovered the hack on June 16 and informed Microsoft that day, just before Blinken’s trip to Beijing, a US official said. Blinken left Washington that night.
The trip was pivotal for both Washington and Beijing: It was the first visit to China by a US secretary of state in five years and was aimed at establishing high-level communication channels and improving frayed relations. Treasury Secretary Janet L. Yellen has since visited Beijing, and John Kerry, the special climate envoy, plans to land there on Sunday for four days of talks.
President Biden and Xi Jinping, the leader of China, agreed at a meeting in Bali, Indonesia, last November, to try to stabilize relations, but the two nations clashed when the Pentagon discovered and shot down a Chinese spy balloon floating over the continental United States in early February. Blinken canceled a trip to China during that episode and, a few weeks later, publicly accused China of considering sending military aid to Russia for use in Ukraine.
A senior State Department official who spoke on condition of anonymity to discuss the sensitive incident said the attack did not initially appear to be directly related to the trip. Other officials warned that the investigation into what, if any, material was stolen by the hackers is still in the early stages.
In a statement on Wednesday, the State Department said that after detecting “abnormal activity,” the government took steps to secure the systems and “will continue to closely monitor and respond promptly to any additional activity.”
After the State Department reported the attack to Microsoft, the company discovered that the hackers had also targeted about 25 organizations, including government agencies. Microsoft, which described the attack as hackers going after specific accounts rather than carrying out a general intrusion, did not say how many accounts it believes might have been compromised by the Chinese hackers.
The United States and China are locked in an increasingly intense intelligence competition, with both governments trying to expand their collection on the other. US officials said that while such espionage and hacking are to be expected, they are conducting a robust investigation to shut down both the exploit Chinese hackers used against the State Department and other potential cloud computing security weaknesses.
The State Department is a frequent hacking target for foreign governments. Russian intelligence has repeatedly targeted State Department computer networks. In 2014 and 2015, Russian hackers breached the State Department, the Joint Chiefs of Staff, the White House and other critical, but unclassified, computer networks.