State-linked Chinese hackers secretly accessed email accounts at least two US government agencies, including that of Commerce secretary Gina Raimondo, American officials and Microsoft alleged on Wednesday.
Raimondo is the only known cabinet-level official to have their account breached in the incident that officials say targeted around 25 organisations.
Attributing the hack to China, Microsoft said in a statement that the hacking group – which it dubbed Storm-0558 – forged digital authentication tokens to access webmail accounts running on the firm’s Outlook service.
Meanwhile, China’s embassy in London said the accusation was “disinformation” and called the US government “the world’s biggest hacking empire and global cyber thief.” China routinely denies involvement in hacking operations regardless of the available evidence or context.
Private sector cybersecurity experts have said newly discovered hacking activity shows how Chinese groups are improving their cyber capabilities.
“Chinese cyber espionage has come a long way from the smash-and-grab tactics many of us are familiar with,” John Hultquist, chief analyst for US cybersecurity firm Mandiant, said.
White House national security adviser Jake Sullivan said the United States detected a breach of federal government accounts “fairly rapidly” and managed to prevent further breaches, in an interview with ABC’s “Good Morning America” programme.
The US State and Commerce Departments said in statements that they were among the affected agencies.
White House National Security Council spokesman Adam Hodge said an intrusion in Microsoft’s cloud security “affected unclassified systems,” without elaborating.
“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” Hodge added.
The State Department “detected anomalous activity” and “took immediate steps to secure our systems,” a department spokesperson said in a statement.
The Commerce Department also said it took “immediate action” after Microsoft notified it of a compromise.
Microsoft did not say which organisations or governments had been affected, but added that the hacking group involved primarily targets entities in Western Europe.
“As with any observed nation-state actor activity, Microsoft has contacted all targeted or compromised organisations directly via their tenant admins and provided them with important information to help them investigate and respond,” the company said.
A senior US government official told reporters it would be unfair to compare the hack to the SolarWinds compromise, a sweeping set of digital break-ins that were disclosed in late 2020 and blamed on Russian cyberspies.
“This intrusion should not be compared to SolarWinds,” the official said, calling the recently discovered campaign “much narrower.”
- Reuters, with additional editing by Vishakha Saxena