Hackers, possibly linked to China’s intelligence agencies, are being blamed for a month-long campaign that breached some unclassified US email systems, gaining access to a small number of accounts at the State Department and a handful of other organizations.
Microsoft first announced the intrusion on Tuesday, attributing the attack on its Outlook email service to Chinese actors it dubbed Storm-0558.
The company said in a blog post that hackers managed to spoof a Microsoft authentication mechanism and gain access to the email accounts of 25 organizations, both in the US and around the world, starting in mid-May.
It added that access was cut off after the breach was discovered a month later.
“We assess that this adversary is focused on espionage, such as gaining access to email systems for intelligence gathering,” Microsoft said. “This type of adversary seeks to abuse credentials and gain access to data residing on sensitive systems.”
The State Department confirmed Wednesday that it had discovered the breach and taken “immediate steps” to protect its systems and notify Microsoft.
Some officials, however, were hesitant to back Microsoft’s claim, but said the United States would “do everything possible to impose costs” on whoever was responsible.
“The sophistication of this attack, in which the actors were able to access the contents of the victims’ mailbox, is indicative of APT [advanced persistent threat] activity, but we are not prepared to discuss attribution at a more specific level,” a senior FBI official told reporters Wednesday on condition of anonymity.
According to senior FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials, the number of American victims of the Microsoft Outlook breach was in the single digits and only a small number of accounts were accessed.
They added that because the breach was detected quickly, the hackers did not have access to any email accounts for more than a month and never had access to classified information or systems. In many cases, their access lasted only a few days.
Still, officials pointed to reasons for concern.
“The attack was intentional,” said a senior CISA official who spoke to reporters on condition of anonymity. “This seems to have been a very specific surgical campaign that was not looking for the breadth of access that we have seen in other campaigns.”
Despite the reluctance of some US cyber officials to blame China, several lawmakers on Wednesday were more direct.
“The Senate Intelligence Committee is closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence,” its chairman, Mark Warner, said in a statement.
“It is clear that the PRC is constantly improving its cyber collection capabilities directed against the US and our allies,” added the Virginia Democrat. “Close coordination between the US government and the private sector will be critical to countering this threat.”
Senior US intelligence, security and military officials have long warned of the growing threat to cybersecurity posed by China-linked hackers.
Earlier this year, CISA director Jen Easterly warned that China would “almost certainly” employ aggressive cyber operations against the US should tensions between Washington and Beijing escalate.
However, John Hultquist, chief analyst at Google’s Mandiant cybersecurity intelligence operation, said this latest attack showed that the Chinese threat has evolved in a very dangerous way.
“Chinese cyber espionage has come a long way,” Hultquist said in an email. “They have transformed their capability from one that was dominated by large, noisy campaigns that were much easier to spot. They used to be cheeky, but now they’re clearly focused on stealth.”
The Voice of America contacted the Chinese Embassy in Washington about allegations that Beijing was behind the attack on Microsoft.
“China is against cyber attacks of all kinds and has suffered from cyber hacking,” Chinese embassy spokesman Liu Pengyu said in an email. “As the MFA (Ministry of Foreign Affairs) spokesperson has commented in a regular press conference, the source of Microsoft’s claim comes from information from government authorities.”
Liu went on to call the US “the biggest hacking empire and global cyber thief,” saying that “it is about time the US explained its cyber attack activities and stopped spreading false information to divert public attention.”
In its blog post about the latest breach on Tuesday, Microsoft said it had managed to fix its systems for all of its customers.
The FBI and CISA issued separate cybersecurity advisories on Wednesday, urging organizations that use Microsoft Exchange Online to take steps to increase their security and also monitor their systems for any suspicious activity.