CNN
—
Chinese hackers who hacked into the emails of senior US officials in May and June were able to do so by first stealing sensitive data from a Microsoft engineer, the company revealed on Wednesday.
Multiple incidents, including the April 2021 crash of an internal Microsoft system and the engineer’s hack, gave Chinese hackers coveted access to a cryptographic key that was later used to hack into officials’ email accounts. Americans, the tech giant said in a blog post.
This statement sheds new light on a cyber espionage campaign that caused a stir in Washington. The hackers had hacked into the email accounts of US Ambassador to China Nicholas Burns and Secretary of Commerce Gina Raimondo, prior to Raimondo’s trip to China.
Republican Representative Don Bacon of Nebraska, who has criticized the Chinese government, said he was also hacked by hackers.
Chinese government officials have responded to the hacking allegations by accusing the US government of carrying out cyberattacks against China.
Microsoft is under intense scrutiny from U.S. lawmakers and officials who have demanded more information about how suspected Chinese hackers broke into email accounts. The Cyber Safety Review Board, supported by the Department of Homeland Security – a group made up of US government and private sector experts – is investigating the root causes of the breach.
Microsoft announced on Wednesday that it had corrected technical problems that allowed hackers to obtain the cryptographic key from its internal system.
“Microsoft is continually strengthening its systems as part of its defense-in-depth strategy,” the company said.
The alleged Chinese hacking campaign came at a particularly sensitive time in US-China relations, as Secretary of State Antony Blinken was preparing for a high-stakes trip to China in June. As CNN has previously reported, the Biden administration believes the Chinese hack gave Beijing some insight into American thinking ahead of Blinken’s trip.
Although the State Department confronted the Chinese government over the hack, a senior National Security Agency official, Rob Joyce, called the activity standard espionage.
“That’s what nation states do,” Joyce said in July. “We have to defend against it, we have to push it back. But it is something that happens.
Cnn