US Starts Probe Of Alleged China Hack Of Federal Emails

Republican lawmakers in the United States are responding to a suspected Chinese hack of the emails belonging to the US Commerce Department, as well as the US State Department.

The issue began last month when Microsoft and the White House confirmed that China-based hackers had compromised the email accounts belonging to a number of US government departments, as well as 25 unnamed organisations.

Microsoft at the time labelled the China-based threat actor Storm-0558, and said the attacks seemed to focused “on espionage, data theft, and credential access.” The intrusion activity began in May and continued for roughly one month.

China-based attack

A number of other US government departments had also been compromised (including the US House of Representatives).

The full extent of the breach, which affected at least two dozen other organisations, is not clear, but some media outlets reported that hundreds of thousands of emails were stolen.

Indeed, so serious was the attack that US Secretary of State Antony Blinken made clear to China’s top diplomat Wang Yi in a meeting in July that any action that targets the US government, US companies or American citizens “is of deep concern to us, and that we will take appropriate action to hold those responsible accountable.”

It emerged that emails belonging to some very senior officials in the US government had been compromised by the China-based cyberattack.

US Commerce Secretary Raimondo’s email was among those apparently accessed by the hackers.

Republican investigation

Now on Wednesday the US House of Representatives Oversight Committee announced that Chairman James Comer (Rep), as well as two fellow Republicans who head two subcommittees, “are investigating the recent cyber espionage campaigns which breached the Department of State and the Department of Commerce.”

They have written to Secretary of State Antony Blinken and Secretary of Commerce Gina Raimondo, requesting a briefing by 9 August to understand the extent and ramifications of the breach by Chinese hackers.

“According to recent reports, as part of a ‘suspected cyber-espionage campaign to access data in sensitive computer networks’ by China, the breaches reportedly occurred at over two dozen organizations, including some US government agencies. We request a briefing on the discovery of, impact of, and response to the intrusion,” wrote the lawmakers.

“We are also concerned that these attacks on federal agencies, which include at least the Department of Commerce and the Department of State, reflect a new level of skill and sophistication from China’s hackers,” continued the lawmakers.

“To help the Subcommittees understand the discovery of the intrusion, impact of the intrusion at the Department, how the Department responded, and what the Department is doing to ensure the continued security of its email and overall information systems, we request a staff briefing as soon as possible but no later than 9 August 2023.”

Trade war

It is worth remembering that the US Commerce Department of Secretary Gina Raimondo has implemented a series of export control policies against China, curbing the transfer of semiconductors and other sensitive technologies to Beijing.

But hacking the US government does carry risks, even if the attack was outsourced to third party hackers.

Ever since 2011 the United States said it reserved the right to retaliate with military force against a cyberattack from a hostile state.

And cyberattacks against US targets was raised during face-to-face talks between US President Joe Biden and Russia’s Vladimir Putin in June 2021.

Biden and Putin spent much of that face-to-face meeting talking about cybersecurity issues, with Biden pointedly warning Putin of ‘retaliation’ and an ‘aggressive response’ if Russia attacked a list of 16 ‘critical’ industries in America.

Then in July 2021 President Biden underscored the seriousness of such cyberattacks, when he admitted they could cause a ‘real shooting war’ with a ‘major power’.