US Officials: Chinese Hackers Breached Unclassified Govt Email by Foiling Microsoft Security

Photo: A presenter talks about Microsoft in the Information Age during the World Artificial Intelligence Conference in Shanghai, Thursday, July 6, 2023. (AP Photo/Ng Han Guan)

U.S. officials say state-backed Chinese hackers foiled Microsoft's cloud-based security to break into unclassified U.S. government email systems at an unspecified number of agencies including the State Department.

The extent of the hack was not immediately clear, but a person familiar with the hack investigation said U.S. military and intelligence agencies were not among those impacted. Another U.S. official said the State Department was the first agency to discover the breach.

The officials spoke on condition they not be further identified.

In a technical advisory Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI said Microsoft had determined the hackers accessed and stole data “from a small number of accounts” by impersonating authorized users.

Nevertheless, Senate intelligence committee chair Mark Warner issued a statement saying it was “closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence” that shows China is “steadily improving its cyber collection capabilities directed against the U.S. and our allies.”

Microsoft disclosed the hack late Tuesday in a blog post. It said it was alerted to the breach on June 16 and blamed it on a state-backed, espionage-focused Chinese hacking group “known to target government agencies in Western Europe.” Microsoft said the group, which it calls Storm-0558, had since mid-May gained access to email accounts at about 25 organizations, including government agencies, as well as to consumer accounts of individuals likely associated with those agencies.

Microsoft did not identify the agencies or the governments involved.

A spokesman for the U.S. National Security Council, Adam Hodge, said in a statement that “government safeguards” detected the intrusion and Microsoft was immediately contacted. “We continue to hold the procurement providers of the U.S. Government to a high security threshold.”

The Storm-0558 hackers broke in using forged authentication tokens — data a service checks to verify the identity of a user — to access the email accounts, Microsoft said. It said it had dealt with the vulnerability and informed affected customers.
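To make concrete what "forged authentication token" means, and what a relying service has to check before trusting one, here is an added illustration that is not part of the AP report and is not Microsoft's code or a description of the specific flaw Storm-0558 exploited (the article does not give those details). It uses a generic compact signed token (header.payload.signature, HMAC-SHA256 from the Python standard library); the key ids, secrets, issuer and audience are constructed for the example. The point it shows is that a verifier accepts exactly the tokens signed by keys in its own trusted set, for its own audience, and rejects everything else: a tampered payload, a token signed with the wrong key, a token signed with a key trusted by some other service, or a genuine token minted for a different service.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical trusted signing keys for this service, indexed by key id ("kid").
# In a real deployment these come from the identity provider's published key set,
# and the set must be scoped to the tokens this service is meant to accept.
TRUSTED_KEYS = {
    "mail-signing-2023": b"constructed-secret-key-for-mail-service",
}
EXPECTED_AUDIENCE = "mail-service"            # constructed for the example
EXPECTED_ISSUER = "https://idp.example.test"  # constructed for the example


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, kid: str, key: bytes) -> str:
    """Mint a compact HMAC-SHA256 token: base64url(header).base64url(payload).base64url(mac)."""
    header = _b64url(json.dumps({"alg": "HS256", "kid": kid}).encode())
    payload = _b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is authentic and valid for this service, else None."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:          # malformed base64 or JSON (JSONDecodeError is a ValueError)
        return None
    if header.get("alg") != "HS256":   # only the algorithm we issue; never let "alg" pick a code path
        return None
    key = TRUSTED_KEYS.get(header.get("kid"))
    if key is None:                    # a kid we do not trust for this service
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None                    # tampered payload or signed with a different key
    # Signature is good, so the claims it covers can now be trusted and must be checked.
    if claims.get("iss") != EXPECTED_ISSUER or claims.get("aud") != EXPECTED_AUDIENCE:
        return None                    # genuine token, but not minted for us
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return None                    # expired or missing expiry
    return claims


def demo() -> dict:
    """Run one genuine token and four forgeries through the verifier; True means accepted."""
    now = 1_700_000_000
    kid, key = "mail-signing-2023", TRUSTED_KEYS["mail-signing-2023"]
    base = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "exp": now + 600}

    genuine = sign_token({**base, "sub": "alice@agency.example"}, kid, key)

    # Forgery 1: payload edited to another user, original MAC reused.
    h, _, s = genuine.split(".")
    tampered = f"{h}.{_b64url(json.dumps({**base, 'sub': 'admin@agency.example'}).encode())}.{s}"
    # Forgery 2: attacker names a trusted kid but only holds their own key.
    wrong_key = sign_token({**base, "sub": "admin@agency.example"}, kid, b"attacker-key")
    # Forgery 3: attacker holds a real key, but one this service does not trust.
    unknown_kid = sign_token({**base, "sub": "admin@agency.example"}, "other-service-key", b"other-secret")
    # Not a forgery, but still rejected: a genuine token minted for a different audience.
    wrong_aud = sign_token({**base, "aud": "calendar-service", "sub": "alice@agency.example"}, kid, key)

    return {
        "genuine": verify_token(genuine, now) is not None,
        "tampered": verify_token(tampered, now) is not None,
        "wrong_key": verify_token(wrong_key, now) is not None,
        "unknown_kid": verify_token(unknown_kid, now) is not None,
        "wrong_audience": verify_token(wrong_aud, now) is not None,
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:15s} accepted={accepted}")
```

The caveat this makes visible: every rejection above depends on the verifier refusing keys outside its own trusted set and on that set's keys staying secret. If an attacker obtains a key that the verifier will honour, the signature check passes and only the issuer, audience and expiry checks remain, which is why the scope of the keys a service accepts matters as much as the signature algorithm.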

U.S. National Security Adviser Jake Sullivan, at the NATO summit in Vilnius, Lithuania, told ABC’s “Good Morning America” the investigation is ongoing. “We detected it fairly rapidly and we were able to prevent further breaches,” Sullivan said. “The matter is still being investigated, so I have to leave it there because we’re gathering further information in consultation with Microsoft and we will continue to appraise the public as we learn more.”

A Chinese foreign ministry spokesman, Wang Wenbin, called the accusation “disinformation” aimed at diverting attention from U.S. cyberespionage against China.

“No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft,” Wang said in a routine briefing.

Last month, Google-owned cybersecurity firm Mandiant said suspected state-backed Chinese hackers had broken into the networks of hundreds of public and private sector organizations globally by exploiting a vulnerability in a popular email security tool.

Earlier this year, Microsoft said state-backed Chinese hackers were targeting U.S. critical infrastructure and could be laying the technical groundwork to disrupt critical communications between the U.S. and Asia during future crises.


Associated Press writers Matthew Lee and Aamer Madhani in Washington contributed to this report.