Categories: CyberCrimeSecurity

Chinese Hackers Stole 60,000 US State Department Emails

A hack of Microsoft’s Outlook email platform earlier this year resulted in the theft of roughly 60,000 emails from the US State Department, the agency has confirmed.

“Yes, it was approximately 60,000 unclassified emails that were exfiltrated as a part of that breach,” State Department spokesman Matthew Miller told a press conference.

He added that classified systems had not been hacked and that the emails were all unclassified.

“We have not made an attribution at this point, but, as I said before, we have no reason to doubt the attribution that Microsoft has made publicly,” Miller said

Emails stolen

“Again this was a hack of Microsoft systems that the State Department uncovered and notified Microsoft about.”

The official remarks followed reports of a briefing by State Department IT officials last week who said the emails had been stolen from 10 accounts within the department.

Nine of the accounts worked on East Asia and the Pacific and one worked on Europe, Reuters reported, citing an unnamed staffer who works for Senator Eric Schmitt.

US officials and Microsoft acknowledged in July that hackers suspected to be allied to the Chinese government had accessed the accounts of about 25 organisations, including the US Commerce and State Departments.

Microsoft revealed technical details of the attack last month, saying the attack group Storm-0558 had used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA (Outlook Web Access) and Outlook.com.

‘Harden our defences’

China has denied involvement in the hack.

The State Department staff whose accounts were compromised mostly focused on Indo-Pacific diplomacy, officials said at the briefing, adding that the hackers had obtained a list of all the department’s email accounts.

“We need to harden our defences against these types of cyberattacks and intrusions,” Schmitt said in an internal statement following the briefing, Reuters reported. “We need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point.”

Following the hack Microsoft made cloud logging data more widely available at no cost, which could help security organisations identify similar breach attempts in the future.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Tech Groups Call On US DoJ To Investigate YouTube Monopoly

Open letter urges US Department of Justice to investigate Alphabet's YouTube for alleged domination of…

7 hours ago

EU To Impose Tariffs Up To 38 Percent On Chinese EVs

European Commission investigation provisionally concludes China offers unfair subsidies to its EV makers – tariffs…

9 hours ago

CIOs Admit AI Is Investment Priority, Just Ahead Of Security, Cloud

Challenges to enterprise growth ambitions include geopolitical issues, inflation and economic uncertainty, Expereo's IDC report…

12 hours ago

Nvidia Completes Stock Split To Make Shares More Affordable

The 10-for-1 stock split at Nvidia has taken place, after the meteoric share price rise…

14 hours ago

Elon Musk Drops OpenAI Lawsuit, Threatens Apple Ban

Surprising twist by Elon Musk after he ditches lawsuit against OpenAI, and also threatens to…

15 hours ago