Spokespeople for the Commerce Department and State Department, as well as tech giant Microsoft, confirmed that a Chinese hacker breached email accounts in both departments.
Those two were not the only ones struck: around 25 unnamed organizations were affected by this large-scale breach. Neither agency has revealed how many individuals had their email accounts hacked.
The Cybersecurity and Infrastructure Security Agency (CISA), the federal cybersecurity agency, learned about the roughly month-long hacking campaign on Wednesday, around the same period of time that Chinese officials met with leaders from both departments.
Earlier, on May 25, China’s commerce minister Wang Wentao met with Gina Raimondo and trade representative Katherine Tai in the U.S. This was followed up on June 19, when Secretary of State Antony Blinken held discussions with Chinese President Xi Jinping in Beijing.
“Microsoft determined that APT actors accessed and exfiltrated unclassified Exchange Online Outlook data from a small number of accounts. The APT actors used a Microsoft account (MSA) consumer key to forge tokens to impersonate consumer and enterprise users,” says the recent release on the incident.
“CISA and FBI are not aware of other audit logs or events that would have detected this activity. Critical infrastructure organizations are strongly urged to implement the logging recommendations in this advisory to enhance their cybersecurity posture and position themselves to detect similar malicious activity.”
With the breach unfolding, Microsoft has reportedly teamed up with CISA to neutralize the threat. While it hasn’t revealed which organizations were affected, the company did hint that the attackers have a primary interest in spying on Western governments.
Reports from The Washington Post and The New York Times name Gina Raimondo, the U.S. Commerce Secretary, alleging that her email account fell prey to the breach. As of now, NBC News has yet to independently verify these claims.