Chinese Hackers Have Been Reading US Government Emails

The US State Department has used a sophisticated alert system to discover an advanced Chinese spying campaign that involved breaches of officials’ emails. The suspected Chinese hackers, who forged Microsoft customer identities to read the emails of State Department employees, also obtained the personal and political emails of a member of the House Armed Services Committee.

This recent Chinese-linked hack of US government emails was first detected in June and may have gone unnoticed for much longer, were it not for an enterprising government IT analyst.

A State Department cyber security expert spearheaded an effort to implant a custom warning mechanism into the agency’s network more than two years ago in anticipation of future hacks, the officials said, shedding new light on how they spotted the breach. The tripwire-like alert went off almost immediately when Chinese spies targeted the agency’s Microsoft email systems in mid-June, enabling the agency to tip off Microsoft and the rest of the US government to the sophisticated spying campaign. 

The hack, which Microsoft disclosed in July, still compromised the unclassified emails of top officials at the State and Commerce Departments, including Commerce Secretary Gina Raimondo and Nicholas Burns, the US ambassador to China.

The disclosure from the State Department underscores both how federal agencies are adapting to beat back increasingly sophisticated cyber threats, and how easily the Chinese hackers might have gotten away with their exploits.

The State Department was the first to report the activity to the US government and to Microsoft. The firm has said the hackers used a powerful digital key they stole via a cascade of internal security mishaps to breach more than two dozen organisations globally, and at least 10 within the US, none of which spotted the intrusion until the State Department did.

This hack attack has caused a lot of criticism about Microsoft from lawmakers, government cyber security officials and the security industry because only customers who had purchased an enhanced security license, known as E5, had access to the type of forensic trail necessary to determine whether a hack had taken place.

Several victims in addition to the Commerce Department have acknowledged they were affected, including personnel at the State Department and US House of Representatives. The intrusion activity began in May and in August the Google-owned cyber security firm Mandiant announced that suspected state-backed Chinese hackers had broken into the networks of hundreds of public and private sector organisations globally, exploiting a vulnerability in a popular email security tool.

A Chinese foreign ministry spokesman called the US accusation of hacking “disinformation” aimed at diverting attention from US cyber espionage against China. “No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft."

Indeed, t is widely acknowledged that US intelligence agencies also use hacking as a critical espionage tool, which is not a violation of international law.

Politico:    WashingtonPost:    NYT:   @DonBacon:    Reuters:    ABC:                 Image: GOCMEN

You Might Also Read:   

Cyber War, Intelligence, Malware & Espionage:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Enterprise Cybersecurity Today: A Vast Landscape To Secure
Australian Government Suffers A Widespread Ransom Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Booz Allen Hamilton

Booz Allen Hamilton

Booz Allen Hamilton is a management & tech consulting firm. Technology services include cloud computing, cyber security, systems development and integration.

mile2

mile2

Mile2 develop and deliver proprietary vendor neutral professional certifications for the cyber security industry.

RISA

RISA

RISA solutions help to secure networks, improve overall network security, and achieve government regulatory compliance.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

MNCERT/CC

MNCERT/CC

MNCERT/CC is the national Computer Emergency Response Team for Mongolia.

Verint Systems

Verint Systems

Verint is a leader in Actionable Intelligence with a focus on customer engagement optimisation, security intelligence, fraud, risk and compliance.

Recorded Future

Recorded Future

Recorded Future arms security teams with threat intelligence powered by patented machine learning to lower risk.

idappcom

idappcom

idappcom provides unique industry approved software solutions for auditing and enhancing the threat recognition and response capabilities of your corporate security defences.

Sevonix

Sevonix

Sevonix is a professional services organization specializing in offering best in class technology implementation and information security consulting services.

Data Theorem

Data Theorem

Data Theorem is a leading provider in modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere.

BoldCloud

BoldCloud

BoldCloud's award winning Cybersecurity Advisory services and Layered Security approach adds new critical layers of protection for your data and your business.

Edureka

Edureka

Edureka is an online technology training provider with the most effective learning system in the world. We help professionals learn trending technologies for career growth.

Kocho

Kocho

Kocho (formerly TiG) is a provider of identity and access, cyber security, cloud transformation, and managed IT services.

Antares NetlogiX

Antares NetlogiX

Antares Netlogix are a leading Austrian service provider for IT security, critical infrastructures and managed security services.

BetterWorld Technology

BetterWorld Technology

BetterWorld Technology provides cloud solutions, managed services, SaaS, cybersecurity and virtual CIO, all customized to meet your needs.

Saidot

Saidot

Saidot is a Finnish AI governance and alignment company committed to helping businesses safely and transparently integrate AI into their operations.