Chinese Hackers Stole Emails From US State Dept In MS Breach

Man holds laptop computer as cyber code is projected on him in this illustration picture

A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/File photo Acquire Licensing Rights

WASHINGTON, Sept 27 (Reuters) – Chinese hackers who breached Microsoft’s (MSFT.O) email platform this year managed to steal tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters on Wednesday.

The staffer, who attended a briefing by State Department IT officials, said the officials told lawmakers that 60,000 emails were stolen from 10 State Department accounts. Nine of those victims were working on East Asia and the Pacific and one worked on Europe, according to the briefing details shared via email by the staffer, who declined to be named.

The staffer works for Senator Eric Schmitt.

U.S. officials and Microsoft said in July that Chinese state-linked hackers since May had accessed email accounts at around 25 organizations, including the U.S. Commerce and State Departments. The extent of the compromise remains unclear.

U.S. allegations that China was behind the breach have strained an already tense relationship between the countries, as Beijing has denied the charges.

The State Department individuals whose accounts were compromised mostly focused on Indo-Pacific diplomacy efforts, and the hackers also obtained a list containing all of the department’s emails, according to the Wednesday briefing.

The sweeping hack has refocused attention on Microsoft’s outsize role in providing IT services to the U.S. government. The State Department has begun moving to “hybrid” environments with multiple vendor companies and improved uptake of multi-factor authentication, as part of measures to protect its systems, according to the officials at the briefing.

The hackers compromised a Microsoft engineer’s device, which allowed them to breach the State Department’s email accounts, according to the briefing.

Microsoft earlier this month said that a hack of senior officials at the U.S. State and Commerce Departments stemmed from the compromise of a Microsoft engineer’s corporate account.

“We need to harden our defenses against these types of cyberattacks and intrusions,” Schmitt said in a statement shared by the staffer in an email to Reuters following the briefing.

“We need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point,” he said.

A Microsoft spokesman did not have an immediate comment on the Senate briefing. The company, which has faced criticism over its security practices since the breaches, has said that the hacking group behind them – dubbed Storm-0558 – had broken into webmail accounts running on the firm’s Outlook service.

The State Department did not immediately return a message seeking comment on Wednesday, and Schmitt wasn’t available for an interview.

Reporting by Raphael Satter and Zeba Siddiqui; Editing by Leslie Adler

Our Standards: The Thomson Reuters Trust Principles.

Acquire Licensing Rights, opens new tab

Reporter covering cybersecurity, surveillance, and disinformation for Reuters. Work has included investigations into state-sponsored espionage, deepfake-driven propaganda, and mercenary hacking.

READ MORE HERE