Chinese Hackers Have Been Reading US Government Emails

The US State Department has used a sophisticated alert system to discover an advanced Chinese spying campaign that involved breaches of officials’ emails. The suspected Chinese hackers, who forged Microsoft customer identities to read the emails of State Department employees, also obtained the personal and political emails of a member of the House Armed Services Committee.

This recent Chinese-linked hack of US government emails was first detected in June and may have gone unnoticed for much longer, were it not for an enterprising government IT analyst.

A State Department cyber security expert spearheaded an effort to implant a custom warning mechanism into the agency’s network more than two years ago in anticipation of future hacks, the officials said, shedding new light on how they spotted the breach. The tripwire-like alert went off almost immediately when Chinese spies targeted the agency’s Microsoft email systems in mid-June, enabling the agency to tip off Microsoft and the rest of the US government to the sophisticated spying campaign. 

The hack, which Microsoft disclosed in July, still compromised the unclassified emails of top officials at the State and Commerce Departments, including Commerce Secretary Gina Raimondo and Nicholas Burns, the US ambassador to China.

The disclosure from the State Department underscores both how federal agencies are adapting to beat back increasingly sophisticated cyber threats, and how easily the Chinese hackers might have gotten away with their exploits.

The State Department was the first to report the activity to the US government and to Microsoft. The firm has said the hackers used a powerful digital key they stole via a cascade of internal security mishaps to breach more than two dozen organisations globally, and at least 10 within the US, none of which spotted the intrusion until the State Department did.

This hack attack has caused a lot of criticism about Microsoft from lawmakers, government cyber security officials and the security industry because only customers who had purchased an enhanced security license, known as E5, had access to the type of forensic trail necessary to determine whether a hack had taken place.

Several victims in addition to the Commerce Department have acknowledged they were affected, including personnel at the State Department and US House of Representatives. The intrusion activity began in May and in August the Google-owned cyber security firm Mandiant announced that suspected state-backed Chinese hackers had broken into the networks of hundreds of public and private sector organisations globally, exploiting a vulnerability in a popular email security tool.

A Chinese foreign ministry spokesman called the US accusation of hacking “disinformation” aimed at diverting attention from US cyber espionage against China. “No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft."

Indeed, t is widely acknowledged that US intelligence agencies also use hacking as a critical espionage tool, which is not a violation of international law.

Politico:    WashingtonPost:    NYT:   @DonBacon:    Reuters:    ABC:                 Image: GOCMEN

You Might Also Read:   

Cyber War, Intelligence, Malware & Espionage:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Enterprise Cybersecurity Today: A Vast Landscape To Secure
Australian Government Suffers A Widespread Ransom Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

Softtek

Softtek

Softtek provides comprehensive software Quality Assurance and Testing that identifies the correctness, completeness, and quality level of software products.

Cradlepoint

Cradlepoint

With Cradlepoint customers leverage the speed and economics of wired and wireless Internet broadband for branch, mobile, and IoT networks while maintaining end-to-end visibility, security and control.

Padlock

Padlock

Padlock is a trusted platform with an intimate knowledge of the cybersecurity industry that connects businesses with freelance professionals

Information System Authority (RIA) - Estonia

Information System Authority (RIA) - Estonia

RIA ensures the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.

FraudWatch International

FraudWatch International

FraudWatch has been protecting client brands around the world since 2003, and are the leaders in online brand protection from phishing, malware, social media and mobile apps impersonation.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

LiveAction

LiveAction

LiveAction provides end-to-end visibility of network and application performance from a single pane of glass.

1898 & Co

1898 & Co

Keep your critical assets secure with a comprehensive portfolio of services from high-level assessments to fully managed security services designed for operational technology applications.

US Department of State - Bureau of Cyberspace & Digital Policy

US Department of State - Bureau of Cyberspace & Digital Policy

The Bureau of Cyberspace and Digital Policy leads and coordinates the Department’s work on cyberspace and digital diplomacy to encourage responsible state behavior in cyberspace.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.

Dispel

Dispel

Dispel makes the fastest secure remote access for industrial networks. Built by operators for operators: a zero trust engine for your entire OT, IoT, and xIoT stack.

GlassHouse Technology

GlassHouse Technology

GlassHouse supports customers in their digitalization journey with our deep technical expertise in Managed Cloud and Security Services, SAP Infrastructure Service and Business Continuity Services.

Boldend

Boldend

Boldend offers leading-edge offensive and defensive cybersecurity solutions that empower government and commercial organizations to stay resilient in an evolving threat landscape.

Nothreat

Nothreat

Nothreat has revolutionized how businesses like yours protect themselves from damaging cyber attacks. Our tech learns and adapts in real time, protecting clients from even zero-day attacks.