Chinese Hackers Have Been Reading US Government Emails

The US State Department has used a sophisticated alert system to discover an advanced Chinese spying campaign that involved breaches of officials’ emails. The suspected Chinese hackers, who forged Microsoft customer identities to read the emails of State Department employees, also obtained the personal and political emails of a member of the House Armed Services Committee.

This recent Chinese-linked hack of US government emails was first detected in June and might have gone unnoticed for much longer were it not for an enterprising government IT analyst.

A State Department cyber security expert spearheaded an effort to implant a custom warning mechanism into the agency’s network more than two years ago in anticipation of future hacks, the officials said, shedding new light on how they spotted the breach. The tripwire-like alert went off almost immediately when Chinese spies targeted the agency’s Microsoft email systems in mid-June, enabling the agency to tip off Microsoft and the rest of the US government to the sophisticated spying campaign. 

The hack, which Microsoft disclosed in July, still compromised the unclassified emails of top officials at the State and Commerce Departments, including Commerce Secretary Gina Raimondo and Nicholas Burns, the US ambassador to China.

The disclosure from the State Department underscores both how federal agencies are adapting to beat back increasingly sophisticated cyber threats, and how easily the Chinese hackers might have gotten away with their exploits.

The State Department was the first to report the activity to the US government and to Microsoft. The firm has said the hackers used a powerful digital key they stole via a cascade of internal security mishaps to breach more than two dozen organisations globally, and at least 10 within the US, none of which spotted the intrusion until the State Department did.

The hack has drawn considerable criticism of Microsoft from lawmakers, government cyber security officials and the security industry, because only customers who had purchased an enhanced security license, known as E5, had access to the type of forensic trail necessary to determine whether a hack had taken place.

Several victims in addition to the Commerce Department have acknowledged they were affected, including personnel at the State Department and US House of Representatives. The intrusion activity began in May, and in August the Google-owned cyber security firm Mandiant announced that suspected state-backed Chinese hackers had broken into the networks of hundreds of public and private sector organisations globally, exploiting a vulnerability in a popular email security tool.

A Chinese foreign ministry spokesman called the US accusation of hacking “disinformation” aimed at diverting attention from US cyber espionage against China. “No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft.”

Indeed, it is widely acknowledged that US intelligence agencies also use hacking as a critical espionage tool, which is not a violation of international law.

Sources: Politico, Washington Post, NYT, @DonBacon, Reuters, ABC. Image: GOCMEN
