Categories: CyberCrimeSecurity

Chinese Hackers Stole 60,000 US State Department Emails

A hack of Microsoft’s Outlook email platform earlier this year resulted in the theft of roughly 60,000 emails from the US State Department, the agency has confirmed.

“Yes, it was approximately 60,000 unclassified emails that were exfiltrated as a part of that breach,” State Department spokesman Matthew Miller told a press conference.

He added that classified systems had not been hacked and that the emails were all unclassified.

“We have not made an attribution at this point, but, as I said before, we have no reason to doubt the attribution that Microsoft has made publicly,” Miller said

Emails stolen

“Again this was a hack of Microsoft systems that the State Department uncovered and notified Microsoft about.”

The official remarks followed reports of a briefing by State Department IT officials last week who said the emails had been stolen from 10 accounts within the department.

Nine of the accounts worked on East Asia and the Pacific and one worked on Europe, Reuters reported, citing an unnamed staffer who works for Senator Eric Schmitt.

US officials and Microsoft acknowledged in July that hackers suspected to be allied to the Chinese government had accessed the accounts of about 25 organisations, including the US Commerce and State Departments.

Microsoft revealed technical details of the attack last month, saying the attack group Storm-0558 had used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA (Outlook Web Access) and Outlook.com.

‘Harden our defences’

China has denied involvement in the hack.

The State Department staff whose accounts were compromised mostly focused on Indo-Pacific diplomacy, officials said at the briefing, adding that the hackers had obtained a list of all the department’s email accounts.

“We need to harden our defences against these types of cyberattacks and intrusions,” Schmitt said in an internal statement following the briefing, Reuters reported. “We need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point.”

Following the hack Microsoft made cloud logging data more widely available at no cost, which could help security organisations identify similar breach attempts in the future.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

2 days ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

2 days ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

4 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

4 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

4 days ago
  翻译: