The United States reportedly detected a breach in federal government accounts by Chinese state-linked hackers who gained access to the emails of top officials.
Microsoft says the hacking group, dubbed Storm-0558, forged digital authentication tokens to access webmail accounts running on its Outlook service. Two U.S. government agencies, the State Department and the Commerce Department — and Secretary of Commerce Gina Raimondo — had their emails compromised What’s more, the breach was active for a full month before American authorities caught on.
White House national security adviser Jake Sullivan told ABC’s Good Morning America program that the United States had detected the intrusion “fairly rapidly” and managed to prevent further breaches. Microsoft said in a statement that it had contacted all the targeted or compromised organizations directly via their tenant admins and provided them with help to investigate and respond.
Security officials at the two departments said they had taken “immediate steps” and “immediate action” respectively, after Microsoft notified them.
However, China’s embassy in London has fiercely denied the accusations, calling them “disinformation” and branding the U.S. government “the world’s biggest hacking empire and global cyber thief.”
Private sector cybersecurity experts are speaking of the incident as a sign of Chinese hackers improving their cyber capabilities.
“Chinese cyber espionage has come a long way from the smash-and-grab tactics many of us are familiar with,” said John Hultquist, chief analyst for U.S. cybersecurity firm Mandiant.
The U.S. government is now advising government and private sector entities to practice safe cybersecurity and is urging all organizations to review their systems and bolster security measures.
“The Biden-Harris administration is committed to enhancing the security and resilience of government networks and will present concrete strategies for the federal government to meet this goal,” a White House cyber security official told Fox News.
The incident is yet another reminder that the government and private corporations are constantly under threat from state-backed cybercriminals, and that more must be done to strengthen defenses against such breaches.
