Pages

18 July 2023

Chinese Hackers Breached Government Email Accounts, Microsoft Says

Julian E. Barnes, Maggie Haberman and Jonathan Swan

Chinese hackers intent on collecting intelligence on the United States gained access to government email accounts, Microsoft disclosed on Tuesday night.

The attack was targeted, according to a person briefed on the intrusion into the government networks, with the hackers going after specific accounts rather than carrying out a broad-brush intrusion that would suck up enormous amounts of data. Adam Hodge, a spokesman for the White House’s National Security Council, said no classified networks had been affected. An assessment of how much information was taken is continuing.

Microsoft said that in all, about 25 organizations, including government agencies, had been compromised by the hacking group, which used forged authentication tokens to get access to individual email accounts. Hackers had access to at least some of the accounts for a month before the breach was detected, Microsoft said. It did not identify the organizations and agencies affected.

The sophistication of the attack and its targeted nature suggest that the Chinese hacking group was either part of Beijing’s intelligence service or working for it. “We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Charlie Bell, a Microsoft executive vice president, wrote in a blog post on Tuesday night.

Although the breach appeared to be far smaller in scale than some recent intrusions like the SolarWinds hack by Russia in 2019 and 2020, it could provide information useful to the Chinese government and its intelligence services, and it threatened to further strain relations between the United States and China.

Relations Between China and the U.S.High-Level Diplomacy: After three years of self-isolation by China, President Biden’s top aides are flying into Beijing throughout the summer to try to convince Chinese officials to build a new foundation for relations.

Looming Restrictions: Efforts to ease tensions could be undermined as the White House presses ahead with plans to impose new restrictions on American investments in Chinese companies involved in quantum computing, A.I. and semiconductors.

A Silicon Blockade: The Biden administration thinks it can preserve America’s technological primacy by cutting China off from advanced computer chips. Could the plan backfire?

U.S.-China Relationship, by the Numbers: Despite their increasingly intense rivalry, the world’s two largest economies remain integral partners in many ways. These figures illustrate the links between them.

The vulnerability the hackers exploited appeared to be in Microsoft’s cloud security and was first detected by the U.S. government, which immediately notified the company, Mr. Hodge said.

Inside the government, the attack showed a significant cybersecurity gap in Microsoft’s defenses and raised serious questions about the security of cloud computing, the person briefed on the intrusion said. The government has been moving data to the cloud, which promises better access to information and improved security, because pushing out patches to vulnerabilities is faster. The U.S. also operates classified cloud servers, but they have more security protocols in place.

The person briefed on the intrusion said that government security requirements should have prevented the breach, and that Microsoft has been asked to provide additional information about the vulnerability.

“We continue to hold the procurement providers of the U.S. government to a high security threshold,” Mr. Hodge said.

The hack comes at a delicate point in U.S.-China relations, as the Biden administration seeks to cool tensions that have been aggravated in recent months by several incidents including the transit of a Chinese spy balloon across the United States. It could increase criticism that the Biden administration is not doing enough to deter Chinese espionage.

How Times reporters cover politics. Times journalists may vote, but they are not allowed to endorse or campaign for candidates or political causes. That includes participating in rallies and donating money to a candidate or cause.

Cliff Sims, a former spokesman for the director of national intelligence in the Trump administration, said China had been emboldened because President Biden had not confronted Beijing over its attempts to influence recent elections.

“We need to have some serious conversations about how much hacking we’ll tolerate before taking action,” Mr. Sims said.

Mr. Bell, in the blog post, said that people affected by the hack had been notified and that the company had completed efforts to mitigate the attack. But government officials are continuing to ask the company to provide more details of the vulnerability and how it occurred, according to the person briefed on the intrusion.

Microsoft said it was told of the intrusion and compromise on June 16. The company’s blog post said the Chinese hacking group first gained access to email accounts a month earlier, on May 15.

Microsoft did not say how many accounts it believes might have been compromised by the Chinese hackers.

China has one of the most aggressive — and most capable — intelligence hacking operations in the world.

Beijing has, over the years, carried out a series of hacks that have succeeded in stealing huge amounts of government data. In 2015, a data breach apparently carried out by hackers affiliated with China’s foreign spy service stole huge numbers of records from the Office of Personnel Management.

In the SolarWinds hack, which took place during the Trump administration, Russian intelligence agencies used a software vulnerability to gain access to thousands of computer systems, including many government agencies. The hack was named after the network management software the Russian agencies had exploited to get into computers around the world.

Julian E. Barnes is a national security reporter based in Washington, covering the intelligence agencies. Before joining The Times in 2018, he wrote about security matters for The Wall Street Journal. More about Julian E. Barnes

Maggie Haberman is a senior political correspondent and the author of “Confidence Man: The Making of Donald Trump and the Breaking of America.” She was part of a team that won a Pulitzer Prize in 2018 for reporting on President Trump’s advisers and their connections to Russia. More about Maggie Haberman

Jonathan Swan is a political reporter who focuses on campaigns and Congress. As a reporter for Axios, he won an Emmy Award for his 2020 interview of then-President Donald J. Trump, and the White House Correspondents’ Association’s Aldo Beckman Award for “overall excellence in White House coverage” in 2022. More about Jonathan Swan

No comments:

Post a Comment