As the August congressional recess settles in, the House Oversight and Accountability Committee has embarked on a rigorous investigation into the breach of unclassified Microsoft email accounts at both the Commerce Department and the State Department, purportedly carried out by a China-linked hacking group.
House Oversight and Accountability Committee Chairman James Comer (R-Ky.); Chairwoman of the Subcommittee on Cybersecurity, Information Technology, and Government Innovation Nancy Mace (R-S.C.); and Chairman of the Subcommittee on National Security, the Border, and Foreign Affairs Glenn Grothman (R-Wis.) jointly submitted separate letters to Commerce Secretary Gina Raimondo and Secretary of State Anthony Blinken, requesting comprehensive staff briefings on the breaches by August 9th.
“According to recent reports, as part of a ‘suspected cyber-espionage campaign to access data in sensitive computer networks’ by China, the breaches reportedly occurred at over two dozen organizations, including some U.S. government agencies,” wrote the lawmakers. “We request a briefing on the discovery of, impact of, and response to the intrusion.”
The breach, believed to have occurred between May 15 and June 16, exploited a vulnerability within Microsoft’s cloud computing environment. Microsoft has attributed the attack to a China-based actor known as Storm-0558, revealing that stolen private encryption keys were used to forge authentication tokens, providing unauthorized access to user accounts.
As a clear demonstration of shared concern, a group of 14 senators demanded more information from the State Department about the breach. “How will this recent cyber-intrusion shape the State Department’s potential $10 billion Evolve IT initiative?” they wrote in a letter to State Department Chief Information Officer Kelly Fletcher. “How will you ensure a more robust, layered cybersecurity architecture that includes multiple cybersecurity vendors for unclassified email?”
The breach investigation underscores the increasing concerns surrounding China’s sophisticated cyber capabilities and the vulnerability of government email accounts. It serves as a stark reminder of the evolving challenges in cybersecurity, prompting congressional and federal agency actions to safeguard national digital infrastructure.