Chinese Hackers Have Been Reading US Government Emails

The US State Department has used a sophisticated alert system to discover an advanced Chinese spying campaign that involved breaches of officials’ emails. The suspected Chinese hackers, who forged Microsoft customer identities to read the emails of State Department employees, also obtained the personal and political emails of a member of the House Armed Services Committee.

This recent Chinese-linked hack of US government emails was first detected in June and might have gone unnoticed for much longer were it not for an enterprising government IT analyst.

A State Department cyber security expert spearheaded an effort to implant a custom warning mechanism into the agency’s network more than two years ago in anticipation of future hacks, the officials said, shedding new light on how they spotted the breach. The tripwire-like alert went off almost immediately when Chinese spies targeted the agency’s Microsoft email systems in mid-June, enabling the agency to tip off Microsoft and the rest of the US government to the sophisticated spying campaign. 

The hack, which Microsoft disclosed in July, still compromised the unclassified emails of top officials at the State and Commerce Departments, including Commerce Secretary Gina Raimondo and Nicholas Burns, the US ambassador to China.

The disclosure from the State Department underscores both how federal agencies are adapting to beat back increasingly sophisticated cyber threats, and how easily the Chinese hackers might have gotten away with their exploits.

The State Department was the first to report the activity to the US government and to Microsoft. The firm has said the hackers used a powerful digital key they stole via a cascade of internal security mishaps to breach more than two dozen organisations globally, and at least 10 within the US, none of which spotted the intrusion until the State Department did.

The hack has drawn heavy criticism of Microsoft from lawmakers, government cyber security officials and the security industry, because only customers who had purchased an enhanced security license, known as E5, had access to the type of forensic trail necessary to determine whether a hack had taken place.

Several victims in addition to the Commerce Department have acknowledged they were affected, including personnel at the State Department and US House of Representatives. The intrusion activity began in May, and in August the Google-owned cyber security firm Mandiant announced that suspected state-backed Chinese hackers had broken into the networks of hundreds of public and private sector organisations globally, exploiting a vulnerability in a popular email security tool.

A Chinese foreign ministry spokesman called the US accusation of hacking “disinformation” aimed at diverting attention from US cyber espionage against China. “No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft.”

Indeed, it is widely acknowledged that US intelligence agencies also use hacking as a critical espionage tool, which is not a violation of international law.

Sources: Politico, Washington Post, NYT, @DonBacon, Reuters, ABC. Image: GOCMEN
