Chinese Hackers Compromised Emails Of US Commerce Secretary

Fallout spreads from cyberattack by China-based hackers, as emails from head of US Commerce Department reportedly compromised

The emails belonging to some very senior officials in the US government have reportedly been compromised by a recent China-based cyber-attack.

Earlier this week Microsoft and the White House confirmed that China-based hackers had compromised email accounts belonging to a number of US government departments including 25 unnamed organisations.

Microsoft labelled the China-based threat actor Storm-0558, and it said the attacks seemed to focused “on espionage, data theft, and credential access.” The intrusion activity began in May and continued for roughly one month.

Espionage hackers

The US federal agency where the Chinese hackers were first detected was reportedly the US State Department, which then reported the suspicious activity to Microsoft.

A number of other US government departments were also reportedly compromised (including the US House of Representatives).

Now Reuters has reported, citing a person briefed on the matter, that US Commerce Department Secretary Gina Raimondo was among a group of senior US officials whose emails were hacked.

Indeed, so serious is the attack that US Secretary of State Antony Blinken made clear to China’s top diplomat Wang Yi in a meeting in Jakarta on Thursday that any action that targets the US government, US companies or American citizens “is of deep concern to us, and that we will take appropriate action to hold those responsible accountable,” a senior State Department official told Reuters.

The Chinese Ministry of Foreign Affairs reportedly called the accusations “disinformation” in a statement to Reuters earlier this week.

China exports

It is worth remembering that the US Commerce Department of Secretary Gina Raimondo has implemented a series of export control policies against China, curbing the transfer of semiconductors and other sensitive technologies to Beijing.

A Commerce Department spokesperson quoted by Reuters on Wednesday said that Microsoft had notified the agency of “a compromise to Microsoft’s Office 365 system, and the Department took immediate action to respond.”

But the spokesperson declined to comment on an intrusion against Raimondo specifically.

According to Reuters, a report by the US inspector general’s office in March had sharply criticised the Commerce Department’s “fundamental deficiencies” in its cybersecurity incident response program, saying it violated security protocols, did not properly use cyber-protection tools, and poorly handled simulated cyberattacks.

A senior FBI official was quoted by Reuters as saying on Wednesday that no classified information was taken during the hacking operation. The hacking was highly targeted, accessing only email inboxes and not destroying data.

US retaliation?

Ever since 2011 the United States said it reserved the right to retaliate with military force against a cyberattack from a hostile state.

And the US made no secret of its public warning to Russia, after a serious of cyberattacks against US organisations two years ago.

The cyberattack issue against US targets was raised during face-to-face talks between US President Joe Biden and Russia’s Vladimir Putin in June 2021.

Biden and Putin spent much of that face-to-face meeting talking about cybersecurity issues, with Biden warning Putin of ‘retaliation’ and an ‘aggressive response’ if Russia attacked a list of 16 ‘critical’ industries in America.

Then in July 2021 President Biden underscored the seriousness of such cyberattacks, when he admitted they could cause a ‘real shooting war’ with a ‘major power’.

Microsoft attacks

There has been a previous attack against Microsoft Exchange email infrastructure before by Chinese hackers.

In 2021 Microsoft and other security experts identified a state-sponsored hacking group called Hafnium, operating out of mainland China, as being responsible for hacking “primarily target entities in the United States.”

The White House in March 2021 said it was “concerned” over the potentially large number of organisations affected by four zero-day flaws in Microsoft Exchange, compromised by Chinese hackers.

Now Microsoft has said the latest Chinese hacks worked not by hijacking computers or stealing passwords, but by rather exploiting a still-undisclosed security issue with the company’s ubiquitous online email service.