Commerce Secretary Gina Raimondo's emails were hacked in the breach, making her the only Cabinet-level official to be compromised so far, The Washington Post, ABC News and CNN reported.
A congressional staffer, a U.S. humanitarian advocate and a host of research institutes across the country, were also targeted, according to The Washington Post.
The breach, discovered on June 16, targeted nine U.S. organizations among 25 global entities, as well as individuals associated with them, through apparent cracks in Microsoft's cloud security systems.
Only a small fraction of government email accounts in the U.S. were exposed before the hack was contained, officials said.
In a Tuesday statement, Microsoft said it successfully thwarted the attack and placed blame on "an adversary based in China" who was "focused on espionage."
"We have successfully blocked Storm-0558 from accessing customer email," the company said, referring to an unidentified hacker based in China who managed to gain access to the Outlook email accounts.
Microsoft engineers found out about the breach from the government on June 16, but a preliminary investigation has since determined the trail of anomalous mail activity went back as far as May 15.
Earlier this year, Raimondo took steps to impose sanctions on China, but has since vowed to seek improved relations after a sit-down with her Chinese counterpart in May.
The breach, which came to light just days before Secretary of State Anthony Blinken's visit to Beijing in mid-June, was still being investigated to determine its full scope.
The FBI said no U.S. secrets were believed to be compromised, and that the attack was extinguished before spreading beyond the email protocol.
In a statement to the Washington Post, National Security Council spokesman Adam Hodges confirmed the hackers had only gained access to unclassified information.
"Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service. We continue to hold the procurement providers of the U.S. government to a high security threshold."
On Wednesday, State Department spokesperson Matthew Miller said his agency responded swiftly to the breach, but he refused to speculate whether China was involved.
"We have not yet made a public attribution," he said. "I can say that last month the State Department detected anomalous activity. We did two things immediately. One, we took immediate steps to secure our systems, and two, took immediate steps to notify Microsoft of the event."
"As a matter of cyber security policy, we do not discuss the details of our response. The incident remains under investigation, and we continuously monitor our networks and update our security procedures," he added.
The hackers used forged electronic authentication tokens to pull the email data, Microsoft said, adding that "it only takes one successfully compromised account login to gain persistent access."
The incident was the latest in a series of recent Chinese actions against IT systems throughout Western Europe, Microsoft said, while trying to reassure customers that their personal data was safe.
Tensions have escalated between Beijing and Washington in the wake of an explosive episode in February in which Biden ordered the U.S. military to shoot down a Chinese spy balloon after it drifted across the country for several days.
In May, Western intelligence agencies accused China of spying on critical U.S. infrastructure as part of a worldwide surveillance campaign.
The latest breach also comes as the Biden administration has stepped up efforts to uproot Chinese telecommunications equipment worldwide amid increasing fears of espionage.
In retaliation, China has begun blocking access to its rich supply of raw materials that are needed to make next-generation microchips.
With tensions rising in Southeast Asia, the U.S. government was working with its global partners to stop emerging technologies from reaching China as Washington was wary that Beijing could use the advances to enhance its war machine.
Earlier this year President Joe Biden banned federal employees from using TikTok on government devices, citing national security concerns as the app was owned by the Chinese company ByteDance. The popular app has also been banned on government devices in dozens of U.S. states.
Hacking fears have also reached a fever pitch on Capitol Hill as several lawmakers have introduced bills that would severely limit domestic use of Chinese technology.
Related Links
Cyberwar - Internet Security News - Systems and Policy Issues
| Subscribe Free To Our Daily Newsletters |
| Subscribe Free To Our Daily Newsletters |
