China targeted State Department emails in a Microsoft hack, US officials say

    Chinese hackers attempted to penetrate specific State Department email accounts in the weeks before Secretary of State Antony J. Blinken traveled to Beijing in June, US officials said Wednesday.

    Investigations into the efforts of the Chinese hackers, who are likely affiliated with China’s military or espionage agencies, are ongoing, US officials said. But US officials have downplayed the idea that the hackers stole sensitive information and insisted no classified email or cloud systems were compromised. The State Department’s cybersecurity team was the first to discover the break-in.

    Multiple officials said the attack targeted individual email accounts rather than carrying out large-scale data exfiltration, which Chinese hackers are suspected of having done before. Biden administration officials declined to identify which officials had been targeted by the Chinese hackers.

    Microsoft, which disclosed the hack on Tuesday, said the hack began in May, according to its research, and was discovered on June 16, just before Mr. Blinken’s trip to Beijing. He left Washington that evening. The trip was crucial for both Washington and Beijing: it was the first visit by a US secretary of state to China in five years and was aimed at establishing high-level communication channels and improving a deteriorating relationship. Since then, Treasury Secretary Janet L. Yellen has visited Beijing, and John Kerry, the special climate envoy, plans to land there on Sunday for four days of talks.

    President Biden and Xi Jinping, the leader of China, agreed last November at a meeting in Bali, Indonesia, to try to stabilize relations, but the two nations clashed when the Pentagon discovered and shot down a Chinese spy balloon that hovered over the continental United States at the beginning of February. Mr. Blinken canceled a trip to China during that episode and a few weeks later publicly accused China of considering sending military aid to Russia for use in Ukraine.

    A senior State Department official who spoke on condition of anonymity to discuss the sensitive incident said the hack did not initially appear to be directly related to the trip. Other officials warned that the investigation into what, if any, material had been stolen by the hackers was in its early stages.

    In a statement on Wednesday, the State Department said that after detecting “abnormal activity”, the government has taken steps to secure the systems and “will continue to monitor and respond swiftly to any further activity”.

    After the State Department reported the hack to Microsoft, the company found that the hackers had also targeted some 25 organizations, including government agencies. Microsoft, which described the attack as hackers going after specific accounts rather than launching a large-scale intrusion, did not say how many accounts it believes may have been compromised by the Chinese hackers.

    The United States and China are engaged in an increasing intelligence competition, with both governments trying to expand their collection on the other. US officials said that while such espionage and hacking is to be expected, they are conducting a robust investigation to close both the exploit used by the Chinese hackers against the State Department and other potential security vulnerabilities in cloud computing.

    The Ministry of Foreign Affairs is a frequent target of hacking by foreign governments. Russian intelligence has repeatedly targeted computer networks of the Ministry of Foreign Affairs. In 2014 and 2015, Russian hackers penetrated the State Department, the Joint Chiefs of Staff and the White House and other critical but unclassified computer networks.