Chinese hackers attempted to break into the State and Commerce Departments’ email accounts in the weeks before Secretary of State Antony J. Blinken traveled to Beijing in June, US officials said Wednesday.
The investigation into the efforts of the Chinese hackers, who may be affiliated with the Chinese military or spy services, is ongoing, American officials said. But US officials have played down the idea that hackers stole sensitive information, insisting that no emails or cloud systems were accessed. The State Department’s computer security oversight group first became aware of the intrusion.
Several officials said the attack targeted email accounts, rather than leaking information, which the suspected Chinese hackers have already done. Biden administration officials declined to identify which officials were targeted.
Microsoft, which disclosed the intrusion on Tuesday, said it began in May, according to the company’s investigation. The State Department became aware of the intrusion on June 16 and notified Microsoft the same day, shortly before Mr. Blinken’s trip to Beijing, a US official said. He left for Washington that evening.
The visit was a difficult one for Washington and Beijing: It was the first visit to China by a US secretary of state in five years and was aimed at establishing high-level communication channels and mending frayed relations. Since then, Treasury Secretary Janet L. Yellen has visited Beijing, and John Kerry, the special climate envoy, is scheduled to land there on Sunday for four days of discussion.
President Biden and Xi Jinping, the leader of China, agreed at a meeting in Bali, Indonesia, last November to establish a relationship, but tensions between the two countries escalated when the Pentagon found and shot down a Chinese spy balloon that was floating over the United States in early February. Mr. Blinken canceled a trip to China at that time; a few weeks later, he accused Beijing of deciding to send military aid to Russia for use in Ukraine.
A State Department official, who declined to comment on the matter, said the hack did not appear to be related to Mr. Blinken’s planned visit. Some officials cautioned that the investigation into the stolen items is still in its early stages.
In a statement on Wednesday, the State Department said that after becoming aware of the “shocks,” the government has taken steps to protect the system and will “continue to closely monitor and respond promptly to developments.”
The Commerce Department, according to a spokesperson, learned that its cloud-based email was compromised when it was notified by Microsoft, which began looking into other breaches after the State Department alerted the company to the breach. Commerce has been leading efforts to impose export controls to prevent the Chinese military from gaining access to critical American technology, a drive that has deeply upset Beijing.
After the government reported to Microsoft, the company discovered that the hackers had also targeted 25 organizations, including government agencies. An official with the Cybersecurity and Infrastructure Security Agency said that some of these organizations are located overseas and that the number of US organizations affected is in the single digits.
U.S. officials say the hackers are targeting only a handful of emails in each organization, rather than a full-scale compromise. But neither US nor Microsoft officials would say exactly how many accounts they believe may have been hacked by the Chinese.
The U.S. government has not publicly attributed the incident to China, possibly because the Biden administration is trying to improve negotiations with Beijing. But privately, U.S. officials said they agreed with Microsoft’s claims that it originated in China and said it was indicative of a government-led attack.
American officials described the penetration as an operation, unlike the SolarWinds hack in 2019 and 2020, in which Russian intelligence used a vulnerability in the software delivery system to gain access to thousands of computers.
Espionage organizations often use intrusions into an adversary’s network to try to gain as much information as possible without being detected.
The United States and China are locked in a growing intelligence competition, with both governments trying to expand their collections elsewhere. US officials have said that while such espionage and hacking are to be expected, they are actively investigating the threat that Chinese hackers used against the State Department and other vulnerabilities in cloud computing.
On Wednesday, American officials said that State Department cybersecurity experts discovered the intrusion by looking at email logs – a record of what emails were hacked and when.
Microsoft, American officials said, charges agencies extra for regular access to the logs. Some of the organizations affected by the hack did not have that access, meaning that without Microsoft’s help they would not have been able to detect the intrusion. US officials have been pushing Microsoft to provide access logs to all organizations with which it has computer contracts.
The State Department is a favorite target of foreign governments. Russian intelligence has repeatedly targeted State Department computers. In 2014 and 2015, Russian hackers breached the State Department, the Joint Chiefs of Staff, the White House and other complex, but unknown, computer networks.