Chinese hackers breached the email accounts of Commerce Secretary Gina Raimondo and other Foreign and Commerce Department officials in the weeks before Secretary of State Antony J. Blinken’s visit to Beijing in June, officials said. US officials said on Wednesday.
US officials say an investigation into the efforts of Chinese hackers, who may have links to China’s military or spy agencies, is ongoing. But US officials downplayed the idea that hackers stole sensitive information, stressing that no cloud computing systems or confidential email had been compromised. The State Department’s cybersecurity team first discovered the breach.
Raimondo, one of the administration’s most outspoken critics of Beijing, was one of the targets, according to two US officials. She has tightened export controls on China and threatened to cut off US supplies of semiconductor technology if it supplies chips to Russia. Ms. Raimondo is expected to visit China in late summer.
Based on their preliminary investigation, officials believe she is the only cabinet-level official to have been successfully hacked. The hackers were unable to obtain emails in Blinken’s Microsoft 365 account, even if they had access to other State Department email boxes, officials said.
Many officials said the attack targeted individual email accounts, rather than the large-scale data theft, for which Chinese hackers are suspected. did it before. Biden administration officials declined to provide a full account of which officials were targeted by the hackers.
Microsoft, which disclosed the hack on Tuesday, said it began in May, according to the company’s investigation. The State Department discovered the intrusion on June 16 and notified Microsoft that day, shortly before Blinken’s trip to Beijing, a US official said. He departed from Washington that evening.
The trip is significant for both Washington and Beijing: It is the first visit by a US secretary of state to China in five years and is aimed at establishing high-level communication channels and improving ties. system is deteriorating. Since then, Treasury Secretary Janet L. Yellen has visited Beijing, and John Kerry, the special climate envoy, is due there on Sunday to visit Beijing. four days of negotiation.
President Biden and Chinese President Xi Jinping, agreed during a meeting in Bali, Indonesia, last November to try relationship stability, but tensions between the two nations escalated when the Pentagon spotted and shot down a Chinese spy balloon hovering over the continental United States in early February. Mr. Blinken canceled his trip to China during that time; A few weeks later, he publicly accused Beijing of considering sending military aid to Russia for use in Ukraine.
A senior State Department official, who spoke on condition of anonymity to discuss the sensitive case, said the hack initially did not appear to be directly related to his rescheduled trip. Blinken. Other officials warned that the investigation into which documents, if any, were stolen by the hackers were still in the early stages.
In a statement on Wednesday, the State Department said after detecting “unusual activity,” the government had taken steps to secure the system and “will continue to closely monitor and respond quickly.” with any subsequent activity”.
According to a spokesman, the Commerce Department became aware that its cloud-based email had been compromised when notified by Microsoft, the company began looking for other compromises after the State Department alerted the company to the breach. its violations. Trade has been leading efforts to impose export controls to block the Chinese military’s access to vital US technology, a driving force that has annoyed Beijing at the top.
After the State Department reported the hack to Microsoft, the company discovered that hackers had also targeted about 25 organizations, including government agencies. Some of those organizations are based abroad, and the number of US-based organizations affected is in the single digits, an official with the Cybersecurity and Infrastructure Security Agency said.
US officials said hackers targeted only a few email accounts within each organization, rather than carrying out a large-scale intrusion. But neither US nor Microsoft officials say exactly how many accounts they believe may have been compromised by Chinese hackers.
The US government has not officially blamed China for the attack, perhaps because the Biden administration is trying to keep negotiations with Beijing going. But privately, US officials said they agree with Microsoft attributing the hack to China, and said it was indicative of a sophisticated, government-backed attack.
US officials describe the intrusions as surgical, in contrast to the SolarWinds hacks of 2019 and 2020, in which Russian intelligence used vulnerabilities in the software supply chain to gain access to thousands of Internet.
Spy agencies often use intrusions into rival networks judiciously to try to extract as much information as possible without being detected.
The United States and China are embroiled in a bitter intelligence competition, with both governments trying to expand their collections to the other. US officials said that while such espionage and cyberattacks are possible, they are conducting a vigorous investigation to fix the vulnerability that Chinese hackers used to fight State Department as well as other potential security weaknesses in cloud computing.
On Wednesday, US officials said State Department cybersecurity experts discovered the breach by scrutinizing email access logs – a record of which emails were hacked. and when.
Microsoft, US officials said, charges organizations extra for regular access to those logs. Some of the entities affected by the hack did not have that access, meaning that without Microsoft’s help they could not have detected the intrusion. US officials have pushed Microsoft to make access logs available to all organizations that have a cloud computing contract with them.
The State Department is a frequent target of attacks by foreign governments. Russian intelligence has repeatedly targeted the computer networks of the Ministry of Foreign Affairs. In 2014 and 2015, Russian hackers infiltrated the State Department, Joint Chiefs of Staff, and White House as well as important but unclassified computer networks.
