US Government Emails Hacked by Malicious Chinese Actor

US Government Emails Hacked by Malicious Chinese Actor
A Chinese soldier stands guard at the main entrance door of the Bayi building in Beijing on April 23, 2013. Andy Wong/Getty Images
Naveen Athrappully
Updated:
0:00

A Chinese hacking group broke into U.S. government networks and had access to email accounts for a month, an incident that has triggered national security concerns.

The hacking incident began in May, and the email accounts of 25 organizations, including government agencies, were accessed. The issue was first identified by a government agency, which then alerted its service provider, Microsoft.

According to the tech firm, the hacking group, China-based Storm-0558, used forged credentials to break into the networks. The company has since resolved the issue.

The activity could be a part of a broader espionage campaign against the United States as Chinese hackers are some of the most persistent malicious actors online, with a targeted focus on the country and its assets.

In a press briefing on July 12, U.S. officials with the Cybersecurity and Infrastructure Security Agency (CISA) said that no sensitive information was stolen during the attack.

The way Storm-0558 broke into the networks has raised concerns among experts. Storm-0558 used forged authentication tokens—used to verify the identity of users—to gain access to sensitive U.S. data.

Cybersecurity researcher Jake Williams, a former National Security Agency offensive hacker, said the hackers could have used forged authentication tokens to hack into non-enterprise Microsoft users, including Chinese dissidents.

Adam Meyers, the head of intelligence for cybersecurity firm Crowdstrike, highlighted the vulnerability of being too dependent on a single technology provider, such as Microsoft.

“Having one monolithic vendor that is responsible for all of your technology, products, services, and security can end in disaster,” Mr. Meyers said.

Chinese Involvement

A Chinese foreign ministry spokesman, Wang Wenbin, called the U.S. accusation of hacking “disinformation” aimed at diverting attention from U.S. cyberespionage against China.

On July 12, Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, called for strengthened efforts to counter the hacking threat posed by China following reports of Storm-0558’s hack.

“The Senate Intelligence Committee is closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence,” he said in a statement. “It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies. Close coordination between the U.S. government and the private sector will be critical to countering this threat.”

In June, CISA Director Jen Easterly warned during an event at the Aspen Institute in Washington that Beijing’s hackers will “almost certainly” attempt to disrupt critical U.S. infrastructure such as railways and pipelines in case a conflict breaks out between the two nations, so as to “delay military deployment and to induce societal panic.”

“This, I think, is the real threat that we need to be prepared for, and to focus on and to build resilience against,” Ms. Easterly said.

“Given the formidable nature of the threat from Chinese state actors, given the size of their capability, given how much resources and effort they’re putting into it, it’s going to be very, very difficult for us to prevent disruptions from happening,” she added.

During an appearance before the House Appropriations Committee on April 27, FBI Director Christopher Wray said that Chinese hackers outnumber U.S. cyber specialists 50 to 1.
Terming China “the greatest threat to our country,” Mr. Wray said that the FBI blocks 15 million cyberattacks against the United States’ infrastructure every week.

Other Incidents

In June, cybersecurity firm Mandiant stated that suspected state-backed Chinese hackers broke into the networks of hundreds of public and private organizations globally, with almost a third being government agencies. Organizations in the Americas accounted for 55 percent of those targeted.

That hack began in October last year and lasted at least until it was discovered in May. The hackers used a security hole in a popular email service to break into the networks.

“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said.

The hackers focused on issues that are considered high-level priorities by Beijing. Targets included academic organizations in Taiwan and Hong Kong and foreign ministries in Southeast Asia.

The Associated Press contributed to this report.
Naveen Athrappully
Naveen Athrappully
Author
Naveen Athrappully is a news reporter covering business and world events at The Epoch Times.
Related Topics