The email account of the U.S. ambassador to China was hacked by Chinese hackers on a mission to attack several American and global targets in recent weeks, including another account at the State Department, according to reports.
China-based hackers breached the email account of US Ambassador to China Nicholas Burns as part of a recent targeted intelligence-gathering campaign, three US officials familiar with the matter told CNN.
The hackers also accessed the email account of Daniel Kritenbrink, the assistant secretary of State for East Asia, who recently traveled with Secretary of State Antony Blinken to China, the people said.
The State Department did not provide comment on the reports.
But this latest attack is just part of a pattern that follows recent cyber attacks on both State and Commerce accounts—including the account of the U.S. Commerce secretary last week: :
Chinese-based hackers gained access to the emails of the Commerce Secretary Gina Raimondo and U.S. State Department officials last month through a vulnerability in Microsoft email systems, according to a department spokesperson and a news report. […]
The Cybersecurity and Infrastructure Security Agency and the FBI put out a joint advisory Wednesday announcing the breach, but did not specify the target, saying a federal agency first spotted the suspicious activity in mid-June after noticing Microsoft 365 audit logs were being accessed by licensed users in Exchange Online mailboxes through abnormal programs. The agency reported the activity to Microsoft and CISA.[…]
CISA and the FBI said the attackers pierced systems at State and about two dozen other global organizations by using forged authentication tokens in a breach first made public by Microsoft on Tuesday night. The Microsoft investigators identified the infiltrators as Storm-0558, a group that primarily uses espionage, credential access and data theft to target government agencies in Western Europe.
The State Department did confirm last week’s hacks by email last Wednesday. In a statement, White House National Security Council spokesperson Adam Hodge said:
“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service. We continue to hold the procurement providers of the U.S. Government to a high security threshold.”
Members of Congress commented on the breaches, including Republican House cyber subcommittee Chair Andrew Garbarino (R-N.Y), who represented his committee in saying it “is in contact with CISA as we continue to uncover more details about China’s latest attack on our federal government.” Intel Committee Chair Senator Mark Warner (D-VA) said in a statement his committee is also “closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence”:
He added:
“It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies,” Warner said. “Close coordination between the U.S. government and the private sector will be critical to countering this threat.”
Unsurprisingly, China reacted to the reports with its usual counter accusations of the U.S. “spreading disinformation”:
While not denying that the breach happened, Wang Wenbin, the spokesperson for China’s Ministry of Foreign Affairs, said while responding to a question during a Beijing press conference that, instead, it’s the U.S. that’s “the world’s biggest hacking empire and global cyber thief.”
He continued:
Since last year, cybersecurity institutions from China and elsewhere in the world have issued reports to reveal U.S. government’s cyberattacks against China over the years, but the U.S. has yet to make a response. It is high time that the U.S. explained its cyberattack activities and stopped spreading disinformation to deflect public attention.
As this is a developing story, RedState will bring you further coverage as more details are available.
Join the conversation as a VIP Member