Chinese hackers exploited "significant cybersecurity breach" to spy on senior government officials

The State Department, intelligence services and Microsoft are investigating access by spies from China to emails of Commerce and State Department officials.

The Department of State and intelligence services are investigating a "significant cybersecurity breach" involving hackers located in China who have been accessing emails of high-ranking U.S. officials for months, including State Department personnel. Although a Department spokesman declined to clarify whether the hack was organized by the Chinese Communist Party, the chairman of the Senate Intelligence Committee, Mark Warner, indicated that Chinese intelligence agents were responsible.

The State Department's Cybersecurity Services detected "anomalous activity" in June, on the eve of Secretary Blinken's trip to China. After discovering the incident, "we did two things immediately. One, we took immediate steps to secure our systems, and two, took immediate steps to notify Microsoft of the event. As a matter of cyber security policy, we do not discuss the details of our response. The incident remains under investigation, and we continuously monitor our networks and update our security procedures," said a Department spokesperson.

Spying began a month before it was detected

Microsoft was able to mitigate the cyberattack, which was named "Storm-0558," and blocked access to the affected accounts. In addition, its investigation indicated that the intrusion began about a month before it was discovered and that the attackers accessed "email accounts affecting approximately 25 organizations including government agencies as well as related consumer accounts of individuals likely associated with these organizations" in Europe and the United States.

For the time being, sources have acknowledged that the Departments of State and Commerce were victims of the attack, although more could have been hit. Secretary of Commerce Gina Raimondo is the only Cabinet member to have been directly affected by the hackers, The Washington Post reports. The choice of Raimondo as a target is not coincidental, since her department has issued limits on Chinese exports. The email accounts of a member of Congress, a human rights advocate and national think tanks were also hacked.

The National Security Council and other government agencies emphasize that the attack affected "unclassified systems" and private accounts, so the information that the spies may have obtained would not pose a particularly high risk to national security.

Senate Targets Chinese Communist Regime

Although the State Department, citing the secrecy of the ongoing investigation, refused to explicitly confirm that China is behind the espionage attempt, Microsoft said in a statement that the Storm-0558 hacking was carried out from somewhere within China. Senate Intelligence Committee Chairman Mark Warner, a Democrat, took direct aim at Chinese intelligence services in a statement:

"The Senate Intelligence Committee is closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence. It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies. Close coordination between the U.S. government and the private sector will be critical to countering this threat."