Chinese hackers infiltrated State Department mailboxes ahead of Blinken’s visit

The case is messy. The US government was the target of a cyberattack of Chinese origin that notably hit the State Department for several weeks before the visit to Beijing of the head of US diplomacy, Antony Blinken, a visit that took place after the spy balloon affair.

The hack particularly targeted the email accounts of a number of federal agencies, said computer giant Microsoft, referring to an actor “based in China that Microsoft calls Storm-0558”.

Microsoft did not identify the targets, but a State Department spokesman said Wednesday that the department responsible for formulating US diplomacy had been hit.

“The State Department has detected abnormal activity and has taken immediate action to secure our computer systems and will continue to monitor the situation closely,” he said without further details. “On cybersecurity, we are not disclosing what our response was, and the incident is under investigation,” he added.

No “classified” material

According to the Washington Post, the hacked mailboxes were not classified and the attack does not seem to have affected “the Pentagon” or “the intelligence or military community”.

President Joe Biden’s national security adviser, Jake Sullivan, spoke on ABC television about hacking activity that was “detected fairly quickly.” “We were able to avoid further breaches,” he said.

This new cyberattack comes at a time when the United States and China, which are engaged in fierce competition, have resumed contacts at the highest level after months of tension, notably with the visit of the American Secretary of State Antony Blinken to Beijing last month.

The Microsoft Cloud in question

In the blog post, Microsoft Executive Vice President Charlie Bell clarified that “based on our assessments, this adversary is focused on spying by attempting to access mailboxes to harvest” sensitive information.

According to the Wall Street Journal, Microsoft’s cloud suite, Office 365, is at fault. The hackers notably managed to circumvent the security measures using a key that apparently came from Microsoft’s internal network. The company says it opened an investigation related to “abnormal email activity” on June 16, and that it found anomalies that took place as early as May 15.

The hackers “primarily target Western government agencies and focus on espionage, theft of data and credentials”, according to the same source.

At the end of May, the United States, Western allies and Microsoft had already denounced a “cyber-actor” sponsored by China that had infiltrated critical infrastructure networks in the United States. Beijing then denied any involvement and accused the United States of “disinformation”.
