Intricacies of an extensive cyber-espionage operation surfaced as Microsoft unveiled the operations of Chinese hackers who successfully breached senior US officials’ emails during May and June. The tech conglomerate proclaimed that the hackers executed this breach by initially pilfering sensitive data from a Microsoft engineer.
The Chinese hackers’ success was precipitated by a series of mishaps including an internal Microsoft system crash in April 2021 and the breach of the engineer’s data. This sequence of misfortunes enabled the hackers to secure coveted access to a cryptographic key. This key, as divulged by Microsoft, was subsequently utilised to infiltrate US officials’ email accounts.
This revelation paints an expansive picture of a cyber-espionage campaign that has ignited a commotion in the nation’s capital. The compromised email accounts include those of the US Ambassador to China, Nicholas Burns, and Commerce Secretary Gina Raimondo. This breach occurred ominously ahead of Raimondo’s scheduled visit to China.
Alongside these notable officials, Republican Rep. Don Bacon of Nebraska, a pronounced critic of the Chinese government, confirmed that his account too had been infiltrated by the hackers. In response to the hacking accusations, Chinese government officials have pointed the accusatory finger back at the US, alleging their conduct of cyberattacks against China.
This entire scenario has thrust Microsoft into the spotlight, facing examination by US lawmakers and officials demanding additional information regarding the methods used by the alleged Chinese hackers to access the email accounts. The root causes of this breach are currently under investigation by the Department of Homeland Security-backed Cyber Safety Review Board; a collective of US government and private experts.
On Wednesday, Microsoft reassured concerned parties about its rectification of the technical issues that initially allowed the hackers to acquire the cryptographic key from its internal system. The company emphasized its relentless pursuit of secure systems, stating that, “Microsoft is continuously hardening systems as part of our defense in depth strategy.”
The cyber-espionage campaign occurred during a delicate moment in US-China relations, right as Secretary of State Antony Blinken was preparing for a crucial trip to China. The Biden administration has articulated its belief that the Chinese hacking provided Beijing with insightful knowledge of US thinking ahead of Blinken’s visit.
While the State Department confronted the Chinese government about the hack, the events have been described by a senior National Security Agency official, Rob Joyce, as standard espionage. “That’s what nation-states do,” Joyce argued in July. “We have to defend against it, we need to push back against it. But that is something that happens.”
