China-based hackers who breached the email accounts of at least two federal agencies, a cabinet member and a number of individuals did not come away with any classified information, a top government official said on Sunday, July 16, 2023, The Hill reported.
National Security Advisor Discusses Hacks
“The intrusion here was actually into Microsoft’s cloud system. And they got into that system and then through that, into the unclassified email accounts of U.S. government officials,” National Security Advisor Jake Sullivan said on CNN’s “State of the Union.”
“And I stress these were unclassified e-mail accounts, so they did not get any classified information. This type of activity has occurred in a number of administrations. It was actually the U.S. government that discovered the hack, and we did because we have increased our cyber defenses over the course of the past couple of years. We discovered it, we quickly shut it down and now we have taken the steps to make sure this is not an ongoing vulnerability.”
Sullivan told ABC This Week that the Biden Administration will hold the perpetrators responsible but didn’t say how or when that will happen:
“Microsoft said it was China. We see nothing so far to dispute what Microsoft has said or to second guess their claim that it was China. In every case, we take the necessary time and rigor to be able to fully investigate what happened, who did it and what the best response is. We’re still in the middle of that."
Numerous Federal Agencies Targeted
Since the news broke , several victims in addition to the Commerce Department have acknowledged they were affected, including personnel at the State Department and U.S. House of Representatives. Secretary of Commerce Gina Raimondo is the only U.S. cabinet member known to have been hacked so far.
Last week, word about the hacking operation surfaced from Microsoft and federal officials, who separately described a clandestine cyber espionage attack that took place during May and June 2023. To this point, the number of affected agencies, while not made public, is said to be “in the single digits.” No estimate of the number of affected individuals has been offered by the government.
In a security brief, Microsoft said that it is “publishing details of activity by a China-based actor” tracked as Storm-0558. The vendor did not say if the cyber actors were backed by the Chinese government.