Chinese hackers access unclassified US government emails in targeted breach

Last week, Microsoft revealed that a hacking group based in China gained access to government agency email accounts in a targeted breach. White House national security adviser Jake Sullivan promised those responsible would be held accountable following an ongoing investigation.

According to Microsoft, Chinese hackers initially breached the email accounts in May. The attack was discovered by the State Department a month later and reported to the tech company the same day.

The hacking group was identified as Storm-0558, Microsoft reported, noting that it gained access to "approximately 25 organizations including government agencies."

"The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558. We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection. This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems," Microsoft wrote in a July blog post regarding the incident.

The breach was "successfully blocked" the same day it was reported.

Secretary of Commerce Gina Raimondo was one of the victims of the attack. A senior Department of Homeland Security official, who asked to remain anonymous, told the Washington Post that there were nine U.S. victims, including a congressional staffer, a human rights activist, and think tanks.

While the attack is still under investigation, the FBI reported that there is no evidence indicating that the Chinese hackers were able to gain access to classified information.

Over the weekend, during an appearance on ABC's "This Week," Sullivan stated that the Biden administration is still attempting to determine who is responsible for the hack and did not directly accuse China of being involved.

"This was actually an intrusion into a Microsoft cloud system, and through that cloud system they got into unclassified U.S. government emails. It was the U.S. government who discovered the intrusion, alerted Microsoft, got it shut down. And now we're taking steps to ensure that's not an ongoing vulnerability," Sullivan stated.

"Secondly, this is the type of activity and behavior that we have seen from multiple foreign adversaries over multiple administrations," he continued. "And in every case, we take the necessary time and rigor to be able to fully investigate what happened, who did it, and what the best response is. We're still in the middle of that. So I'm going to leave it to our continued working through of this challenge. But as we have in the past, we will take steps to hold those who perform this responsible."

Like Blaze News? Bypass the censors, sign up for our newsletters, and get stories like this direct to your inbox. Sign up here!