The recently uncovered Chinese hack of hundreds of thousands of emails from top U.S. officials began with the breach of a Microsoft engineer’s account, the company stated on Sept. 6.
The Chinese hacking group, which Microsoft dubbed Storm-0558, penetrated the engineer’s account, giving it access to a cryptographic key that the group later used to break into the U.S. government accounts, Microsoft said in a blog post after a months-long investigation.
The revelation offered details on a Chinese state-sponsored cyberattack that alarmed Washington. The attack spanned 25 organizations and affected the State and Commerce departments, as well as at least one lawmaker and a Washington think tank.
Among the individuals whose email systems were breached were Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns, and Assistant Secretary of State for East Asia Daniel Kritenbrink. Rep. Don Bacon (R-Neb.) said in August that he was also a victim of the hacking campaign.
Microsoft stated that the Chinese hackers had likely exploited the April 2021 crash of the company’s internal system, which leaked the key that the engineer’s corporate account had access to. The hacker group subsequently forged credentials to compromise Microsoft’s Outlook on the web and Outlook systems. The tech giant stated that it has corrected the technical vulnerabilities.
The hacking attempt surfaced at a sensitive time. The investigation began the same day that Secretary of State Antony Blinken headed to China to engage with senior Chinese officials, becoming the highest-ranking official under the Biden administration to do so. CNN, citing two unnamed U.S. officials, reported in July that the Biden administration believes that the hacking operation had given Beijing clues about U.S. thinking ahead of the U.S. visit.