Chinese hackers breached US email servers for a month

National security adviser downplays a hack on Microsoft-hosted government email servers.

Washington

A breach of Microsoft-hosted U.S. government email servers by a Chinese hacking group was detected and fixed “fairly rapidly,” National Security Adviser Jake Sullivan said on Wednesday, despite Microsoft saying that the breach was only discovered after a month.

Microsoft on Tuesday revealed that the group, known as Storm-0558, had been caught forging digital authentication tokens to access federal government email servers hosted on its Outlook email platform.

The company said the breach was detected on June 16, and that it believed the hackers had first gained access around May 15. But Sullivan appeared to downplay the hack on Wednesday, telling a morning news program that the breach was remedied quickly.

“We detected it fairly rapidly and we were able to prevent further breaches,” Sullivan said on ABC’s Good Morning America. “The matter is still being investigated so I have to leave it there.”

Not Falkland Islanders

State Department spokesman Matthew Miller said the U.S. government had not formally identified the source of the hack, but that officials were aware of Microsoft’s announcement pointing to the Chinese group.

“Last month, the State Department detected anomalous activity. We did two things immediately: one, we took immediate steps to secure our systems and, two, took immediate steps to notify Microsoft of the event,” Miller said during a press briefing. “As a matter of cybersecurity policy, we do not discuss the details of our response.”

Miller would also not say if officials were aware of the hack before Secretary of State Antony Blinken's trip to Beijing, which also followed reports of a Chinese spy base in Cuba. Blinken arrived in Beijing on June 17, the day after Microsoft says the hack was discovered.

But the spokesman stressed there was no official determination about the hack’s origins. Pressed by a reporter, he ruled out only one origin.

“I do not believe it’s people from the Falkland Islands,” he said.

Cyber espionage

Microsoft said in its statement that the Storm-0558 hacking group “primarily targets government agencies” in Western Europe, but this time had “gained access to email accounts affecting approximately 25 organizations including government agencies” in the United States.

“Microsoft investigations determined that Storm-0558 gained access to customer email accounts using Outlook Web Access in Exchange Online and Outlook.com by forging authentication tokens to access user email,” it said. “Microsoft blocked usage of tokens issued with the key for all impacted consumer customers.”

In a blog post, the company also said the group were likely spies.

“We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Microsoft said. “This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems.”

U.S. officials have over the past year intensified warning about the threats to American business and government posed by Chinese hackers. In July last year, FBI director Christopher Wray said Beijing was intent on exploiting cyber vulnerabilities to its advantage.

The comments followed another hack by a suspected Chinese hacking group, Hafnium, on email servers hosted by Microsoft Exchange.

“The Chinese government sees cyber as the pathway to cheat and steal on a massive scale,” Wray said. “Over the last few years, we’ve seen Chinese state-sponsored hackers relentlessly looking for ways to compromise unpatched network devices and infrastructure.”

Chinese response

Chinese Foreign Ministry spokesman Wang Wenbin used his press briefing on Wednesday to accuse the U.S. government of overseeing “the world’s No.1 hacking group” – the National Security Agency – but otherwise did not comment on the claims against Storm-0558.

Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, told Radio Free Asia that China condemned any hack, and reiterated Wang’s claims the United States was responsible for cyber attacks.

He said that the United States was “actually the biggest hacking empire and global cyber thief” and added that the U.S. government should stop “spreading disinformation to deflect public attention.”

“China is against cyber attacks of all kinds and has suffered from cyber hacking,” Liu said in an emailed comment. “Since last year, cyber security institutions from China and elsewhere in the world have issued reports to reveal [the] US government’s cyber attacks against China over the years, but the US has yet to make a response.”

Edited by Malcolm Foster.