Chinese hackers breached U.S. email accounts, says top cybersecurity agency

The breach targeted unclassified email systems of specific government officials from federal agencies in an attempt to acquire sensitive information

July 13, 2023 9:17am

Updated: July 13, 2023 9:26am

Chinese hackers breached email accounts belonging to several government officials as part of an alleged spying campaign, according to statements issued on Tuesday by Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA).

The breach targeted unclassified email systems of specific government officials from federal agencies in an attempt to acquire sensitive information, the statements said. 

The hacked email accounts include those of officials from the State Department, the Department of Commerce, and the U.S. House of Representatives. It is unclear if other agencies were targeted. The only cabinet-level official whose email was hacked was Commerce Secretary Gina Raimondo, an outspoken critic of Beijing.

The hackers were first detected on June 16 by the State Department, which noticed unusual activity on its Microsoft 365 email cloud last month, according to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). The State Department then reported it to Microsoft.

The hack is still being investigated and the extent of the information that the hackers had access to is still unknown.

Microsoft identified the hackers as part of the China-based group it calls Storm-0558, which is likely affiliated with China’s military or spy services, according to government officials.

According to Microsoft, beginning in May, the hacking group forged digital authentication services to access accounts on its Outlook service.  

"As with any observed nation-state actor activity, Microsoft has contacted all targeted or compromised organizations directly via their tenant admins and provided them with important information to help them investigate and respond," the company added.

The State Department said that it was taking further steps to secure the system and “will continue to closely monitor and quickly respond to any further activity.”

This is not the first time that Microsoft has been breached. In May, a Chinese hacking group known as “Volt Typhoon” hacked and spied on several U.S. critical infrastructure organizations, including telecommunications and transportation hubs.