Microsoft and US officials said on Wednesday that Chinese hackers associated with the government have discreetly hacked at least 25 accounts across organizations since May, targeting two US federal agencies.
Jake Sullivan, White House national security adviser, said in an interview with a TV programme that the breach of more federal accounts was prevented in time because the government detected the hacking “fairly rapidly.”
The two agencies that revealed the hacking of their accounts were the State and Commerce Departments. Among the accounts affected were the email accounts of Secretary of Commerce Gina Raimondo, a Cabinet official, and of Department of State officials.
A senior US government official told reporters that it would be unfair to compare the incident to the SolarWinds hack, a huge collection of digital intrusions that came to light in late 2020 and were attributed to Russian cyberspies. Warning against the comparison, he called this hack “much narrower.”
Microsoft has attributed the hack to China. In a statement, it said that the hacking group, called Storm-0558, used fraudulent digital authentication tokens to access webmail accounts running on the company’s Outlook service. This started in May, according to the software giant.
It further said, “As with any observed nation-state actor activity, Microsoft has contacted all targeted or compromised organizations directly via their tenant admins and provided them with important information to help them investigate and respond.”
Microsoft did not divulge which organizations were affected, but it said that the hackers targeted entities in Western Europe.
In its reply, China’s embassy in London termed the charges against the country “disinformation” and called the US government “the world’s biggest hacking empire and global cyber thief.”
China continues to maintain that it is not part of any hacking operations, even in situations where evidence or context is provided.
On the issue, White House National Security Council spokesman Adam Hodge said that the illegal access to Microsoft’s cloud security “affected unclassified systems,” but did not divulge many details. He added, “Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service.”
The US State Department “detected anomalous activity” and “took immediate steps to secure our systems,” a spokesperson said. Microsoft had notified the Commerce Department of the illegal activity, and the department took “immediate action.”
According to private sector cyber security specialists, the recently uncovered hacking activities demonstrate how Chinese organisations are advancing their online security.
The smash-and-grab methods that many of us are accustomed to are no longer used in Chinese cyber espionage, according to John Hultquist, chief analyst for the American cyber security company Mandiant.