China Hacks U.S. State Department Emails in Microsoft Breach

Chinese cyber attackers who infiltrated Microsoft’s email platform earlier this year reportedly accessed tens of thousands of emails from U.S. State Department accounts, according to a Senate aide who spoke to Reuters this Wednesday.

The aide, who chose to remain anonymous, works for Senator Eric Schmitt (R-MO).

In a briefing attended by the aide, State Department IT specialists disclosed to legislators that approximately 60,000 emails have been pilfered from 10 distinct State Department accounts.

Nine of the compromised accounts were associated with individuals focusing on East Asia and the Pacific, while one was related to European affairs.

In July, the U.S. and Microsoft disclosed that hackers allegedly linked to the Chinese state had been infiltrating email accounts of around 25 entities, including the U.S. Commerce and State Departments, since May.

However, the full scope of the compromise is yet to be ascertained.

The majority of the State Department officials affected were primarily engaged in Indo-Pacific diplomatic initiatives.

The hackers, as per the briefing, also managed to acquire a comprehensive list of the department’s email accounts.

The breach of the State Department’s email accounts was facilitated by the compromise of a device belonging to a Microsoft engineer, as per the details shared in the briefing.

Microsoft had earlier acknowledged that the breach affecting senior officials at the U.S. State and Commerce Departments originated from the compromise of a corporate account of a Microsoft engineer.

Senator Schmitt emphasized the need for robust defenses against such cyber threats, stating, “We need to harden our defenses against these types of cyberattacks and intrusions.”

He also highlighted the potential vulnerabilities arising from the federal government’s dependency on a single vendor, asserting, “We need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point.”

Microsoft identified the hacking group responsible as Storm-0558, revealing that the group had infiltrated webmail accounts operating on Microsoft’s Outlook service.
