The chairman of the House Committee on Oversight and Accountability summoned the Secretary of State and the Secretary of Commerce on Wednesday for a briefing over cyber-attacks and data theft by the Chinese regime to these American institutions, according to the Committee’s letters.
The Committee stated it opened an investigation into the cyberattacks. In its letters, the lawmakers identify the cyberattacks as coming from the Chinese regime and say they have impacted Ms. Raimondo’s emails.
“In fact, your email account was among those accessed by hackers,” the lawmakers wrote to Ms. Raimondo.
“The Department discovered this alleged intrusion by China on June 16, 2023, yet, you left later that evening for a trip to Beijing,” they wrote to Mr. Blinken.
The breaches appear to have occurred due to a “flaw in a Microsoft cloud-computing environment,” said the letter referring to the breach in Microsoft Cloud 365, which was reported by The Wall Street Journal in July.
In a post about the incident, Microsoft refers to the hacker as “Storm0558,” a China-based threat actor that “primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access,” quoted the lawmakers.
The “apparent espionage campaign infiltrated victims’ email beginning on May 15 and operated in stealth for more than a month, until June 16, when Microsoft began its investigation.”
The lawmakers allege that the attacks may have been going on unnoticed for months or even for years, given their sophisticated nature.
These attacks on federal agencies, which included at least the Department of State and the Department of Commerce, show a “new level of skill and sophistication from China’s hackers,” the letter to both Department heads said.
The Chinese regime seems to be surpassing “noisy” and “rudimentary” cyberattacks, reaching a level described by security experts as “among the most technically sophisticated and stealthy ever discovered,” the letter continued.
The letter describes China as the only country with both the intent and the power to “reshape the international order.”
The Chinese regime’s power to do so is multifaceted and it is described as an “economic, diplomatic, military, and technological” power.
The Committee asks for a briefing to understand how the discovery of the cyberattack took place, which is the impact of the attack, and what is the response from the two Departments.
The Committee on Oversight and Accountability is the principal oversight committee of the U.S. House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
The Committee’s letter gave an August 9 deadline for the briefing.
The Wall Street Journal reported last month that the hackers also accessed the email account of the U.S. ambassador to China as well as Daniel Kritenbrink, the assistant secretary of state for East Asia.
Hundreds of thousands of emails were stolen overall, the newspaper said.
Ms. Raimondo said last month she still plans to visit China later this year despite the reported Chinese hacking. “We’re planning the trip now, which doesn’t mean that we excuse any kind of hacking or infringement on our security,” she said to CNBC.
China’s embassy in Washington said in an earlier statement that identifying the source of cyber attacks was complex and warned against “groundless speculations and allegations.”
