Chinese hackers who breached Microsoft’s email platform this year successfully stole tens of thousands of emails from U.S. State Department accounts, as revealed by a Senate staffer on Wednesday.
During a briefing attended by the staffer, State Department IT officials informed lawmakers that 60,000 emails had been stolen from 10 State Department accounts. Of these, nine belonged to individuals focusing on East Asia and the Pacific, while one pertained to European affairs.
This breach, disclosed in July by U.S. off icials and Microsoft, implicated Chinese state-affiliated hackers who had gained unauthorized access to email accounts in approximately 25 organizations, including the U.S. Commerce and State Departments.
The full extent of the breach remains uncertain, and these allegations have strained U.S.-China relations, with Beijing consistently denying involvement.
The compromised State Department personnel mainly concentrated on Indo-Pacific diplomacy efforts. The hackers also acquired a comprehensive list of all department emails, according to information shared during the Wednesday briefing.
This wide-reaching hack has underscored Microsoft’s significant role in providing IT services to the U.S. government. To bolster security, the State Department has initiated the transition to “hybrid” environments involving multiple vendor companies and increased utilization of multi-factor authentication, as outlined by officials during the briefing.
The breach reportedly began with the compromise of a Microsoft engineer’s device, which subsequently facilitated the intrusion into State Department email accounts.
Microsoft had previously acknowledged that a cyberattack targeting senior officials at the U.S. State and Commerce Departments stemmed from the breach of a Microsoft engineer’s corporate account.
As of now, there has been no response from Microsoft regarding the Senate briefing. The company, which has faced scrutiny over its security practices in the wake of these breaches, had stated that the hacking group responsible, known as Storm-0558, had infiltrated webmail accounts running on its Outlook service.
