Microsoft hack widens after emails of U.S. ambassador to China breached

Microsoft said its engineers detected the data breach in June, when a Chinese hacker identified as Storm-0558 was found to have accessed email accounts at several government agencies. Photo by John Angelillo/UPI
Microsoft said its engineers detected the data breach in June, when a Chinese hacker identified as Storm-0558 was found to have accessed email accounts at several government agencies. Photo by John Angelillo/UPI | License Photo

July 21 (UPI) -- Hackers breached the email account of the U.S. Ambassador to China during the same cyberattack that targeted Microsoft accounts at government agencies in the United States and Europe for at least a month before being discovered.

Federal authorities confirmed Thursday that Nicholas Burns' unclassified emails were hacked in the breach, along with those of Assistant Secretary of State for East Asia Daniel Kritenbrink, who accompanied Secretary of State Antony Blinken on his trip to China in mid-June when the intrusion was first detected, Politico, NBC News and CNN reported.


Burns and Kritenbrink join a growing list of administration officials to be ensnared by the suspected Chinese hack, which also exposed the emails of Commerce Secretary Gina Raimondo, a congressional staffer, a U.S. humanitarian advocate and a host of research institutes across the country.


The breach, discovered June 16 and first reported a week ago by the Wall Street Journal, targeted nine U.S. organizations and agencies and more than two dozen global entities, as well as individuals associated with them, through apparent cracks in Microsoft's cloud security systems.

Technical staff at the State Department discovered the breach on June 16 and notified Microsoft engineers, but a preliminary investigation has since determined the trail of anomalous activity went back as far as May 15.

Microsoft said it thwarted the attack and immediately placed blame on "an adversary based in China" who was "focused on espionage." Notably, however, U.S. officials have not leveled any accusations against Beijing.

The breach was still being investigated to determine its full scope as investigators were not sure yet whether anything of value had been stolen.

Previously, the FBI said no U.S. secrets were compromised, and that the attack was extinguished before spreading beyond the email protocol.

Officials said only a small fraction of government email accounts in the United States were exposed before the hack was contained.

National Security Council spokesman Adam Hodges also confirmed that hackers had only gained access to unclassified information.

So far there has been no indication that Blinken's emails were hacked in the breach, which came to light just as Washington and Beijing were holding summits in an effort to ease months of tensions.


At a news conference in Jakarta, Indonesia, last week, Blinken said he brought up the hacking incident during a meeting with top Chinese diplomat Wang Yi.

"I can't discuss details of our response. Beyond that, and most critically, this incident remains under investigation," he said.

Microsoft, meanwhile, was working to reassure customers that their personal data was safe, and rolled out a series of no-cost digital forensic tools after lawmakers criticized the company for charging too much for basic email protections.

"It is unconscionable that two years after the SolarWinds hack, Microsoft was still upcharging federal agencies for critical security features," said Sen. Ron Wyden, D-Ore. "Our national security depends on making cybersecurity a core part of the software contracting process."

The Biden administration was also responding, with the White House releasing a national strategy to address cybersecurity a day after the latest hack was publicly revealed. The plan seeks to go after perpetrators of ransomware attacks and other cybercrimes, while increasing software transparency, which would raise accountability on tech suppliers around the world.

The State Department plans to release an International Cyberspace and Digital Policy Strategy that will seek further cooperation from global allies on the matter.


In a blog post earlier this week, analysts with the U.S. cybersecurity firm Mandiant acknowledged the Chinese had become more advanced in their spying capabilities over the past decade.

"Chinese cyber espionage operators' tactics had steadily evolved to become more agile, stealthier, and complex to attribute," the company wrote.

Latest Headlines