Hackers based in China recently broke into email accounts of at least two major U.S. government agencies, Microsoft and U.S. officials said.
Spokespeople for the State Department and Commerce Department each confirmed Wednesday that email accounts of people in their agencies had been breached. Microsoft said approximately 25 organization were part of the hack. The other organizations that were breached have not been identified.
Neither agency said how many individuals were affected.
The Cybersecurity and Infrastructure Security Agency (CISA), the federal cybersecurity watchdog, announced Wednesday that it first learned of the hacking campaign in mid-June. The campaign lasted around a month.
Top Chinese officials met with leaders from the State and Commerce Departments around that period.
China’s commerce minister, Wang Wentao, met in the U.S. with Commerce Secretary Gina Raimondo and trade representative Katherine Tai on May 25. Secretary of State Antony Blinken met with Chinese president Xi Jinping in Bejing on June 19.
The Washington Post and the New York Times reported that Raimondo’s email was compromised as part of the breach. NBC News has not confirmed those reports.
Microsoft did not name any of the affected countries or agencies, but said that the group primarily focuses on hacking Western governments to spy on them. Microsoft said it worked with CISA to kick the hackers out.
Sen. Mark Warner, D-Va., head of the Senate Intelligence Committee, said he and other committee members were “closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence.”
“It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies,” Warner added, using an acronym for the People’s Republic of China. “Close coordination between the U.S. government and the private sector will be critical to countering this threat.”
In a press call Wednesday, a senior CISA official, who requested to not be named as terms to participate in the call, declined to say exactly how many other U.S. federal agencies were affected, but said that the number “is in the single digits.”
The hacks started May 15 and went undetected until June 16, Microsoft announced in a report Tuesday evening. The perpetrators were primarily focused on gaining access to email accounts and no longer have that access, it said.
The hackers were able to view victims’ emails, and appeared to only target a handful of specific people, the official said.
“This appears to have been a very targeted, surgical campaign,” he said. Only unclassified mailboxes were affected, he said.
A spokesperson for the State Department said the agency took “immediate steps to secure” its system.
“As a matter of cybersecurity policy, we do not discuss the details of our response. The incident remains under investigation. And we continuously monitor our networks and update our security procedures,” said Matthew Miller, a State Department spokesperson.
Microsoft did not say whether it believed the hacker group is affiliated with China’s government.
Unlike those working for Russia or Iran, hackers working for China rarely focus on disrupting their targets, but they are generally regarded as some of the most prolific cyber spies in the world.
Chinese Foreign Ministry spokesperson Wang Wenbin on Thursday urged U.S. officials to provide more details about the hacking.
“The U.S. side should give an account of its cyberattacks as soon as possible, rather than spreading false information to divert attention,” he said at a regular news briefing in Beijing, according to the state-owned China News Service.
