US Government Emails Hacked by Malicious Chinese Actor

A Chinese soldier stands guard at the main entrance door of the Bayi building in Beijing on April 23, 2013. (Andy Wong/Getty Images)
Naveen Athrappully
7/13/2023
Updated:
7/14/2023

A Chinese hacking group broke into U.S. government networks and had access to email accounts for a month, an incident that has triggered national security concerns.

The hacking incident began in May, and the email accounts of 25 organizations, including government agencies, were accessed. The issue was first identified by a government agency, which then alerted its service provider, Microsoft.

According to the tech firm, the hacking group, China-based Storm-0558, used forged authentication tokens rather than stolen passwords to get into the accounts. Microsoft says it has since blocked the forged tokens and mitigated the issue.

The activity could be part of a broader espionage campaign against the United States: Chinese state-linked hackers are among the most persistent malicious actors online, with a sustained focus on the country and its assets.

In a press briefing on July 12, U.S. officials with the Cybersecurity and Infrastructure Security Agency (CISA) said that no sensitive information was stolen during the attack.

The way Storm-0558 broke into the networks has raised concerns among experts. Authentication tokens are the signed credentials a cloud service uses to verify who a user is after login; Storm-0558 forged them, which meant it could impersonate targeted users to Microsoft's cloud email services without needing their passwords or defeating multi-factor authentication. According to Microsoft's own account, the forgeries were signed with a Microsoft consumer account signing key the attackers had acquired, and a flaw in token validation meant tokens signed with that consumer key were also accepted for enterprise accounts.
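To make the mechanism concrete, here is an added illustration (not code from the article, from Microsoft, or from any party involved) of why a stolen signing key is so damaging and what check stops a key from one trust domain being honoured in another. The key names, issuer URLs, audience string and user are constructed for the demo; HMAC is used instead of the asymmetric signatures a real identity provider uses so the script runs with the standard library alone, but the scoping check is the same.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key material (hypothetical; nothing here is a real key).
KEYS = {
    "consumer-key-1": b"demo-consumer-signing-secret",
    "enterprise-key-1": b"demo-enterprise-signing-secret",
}

# The issuer each key is allowed to sign for. Enforcing this mapping is the
# step that separates validate_strict() from validate_loose() below.
KEY_SCOPE = {
    "consumer-key-1": "https://login.example.test/consumers",
    "enterprise-key-1": "https://login.example.test/enterprise",
}

ENTERPRISE_ISSUER = "https://login.example.test/enterprise"
ENTERPRISE_AUDIENCE = "api://enterprise-mail"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(kid: str, claims: dict) -> str:
    """Build a compact JWS (HS256) signed with the named key.

    Whoever holds the key can put any claims they like in here: that is
    what a 'forged token' is once a signing key has been stolen."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(claims)}"
    sig = hmac.new(KEYS[kid], signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def _parse(token: str):
    """Split a token into (header, claims, signing_input, signature) without trusting it."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    claims = json.loads(_b64url_decode(claims_b64))
    return header, claims, f"{header_b64}.{claims_b64}".encode(), _b64url_decode(sig_b64)


def _signature_ok(header: dict, signing_input: bytes, signature: bytes) -> bool:
    key = KEYS.get(header.get("kid"))
    if key is None or header.get("alg") != "HS256":
        return False
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def validate_loose(token: str, now: float) -> tuple:
    """Weak pattern: any key the validator knows about is good enough.

    A key that was only ever meant for the consumer identity system can
    therefore mint tokens the enterprise service accepts."""
    header, claims, signing_input, signature = _parse(token)
    if not _signature_ok(header, signing_input, signature):
        return False, "bad signature"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if claims.get("aud") != ENTERPRISE_AUDIENCE:
        return False, "wrong audience"
    return True, "ok"


def validate_strict(token: str, now: float) -> tuple:
    """Same checks, plus: the issuer must be the one this service trusts and
    the signing key must be one scoped to that issuer."""
    header, claims, signing_input, signature = _parse(token)
    if not _signature_ok(header, signing_input, signature):
        return False, "bad signature"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if claims.get("aud") != ENTERPRISE_AUDIENCE:
        return False, "wrong audience"
    if claims.get("iss") != ENTERPRISE_ISSUER:
        return False, "untrusted issuer"
    if KEY_SCOPE.get(header.get("kid")) != claims["iss"]:
        return False, "key not authorised for issuer"
    return True, "ok"


def demo(now: float = 1_689_000_000.0) -> dict:
    """Constructed scenario: an attacker holding only the consumer key forges a
    token that claims to come from the enterprise issuer for an enterprise user."""
    claims = {
        "iss": ENTERPRISE_ISSUER, "aud": ENTERPRISE_AUDIENCE,
        "sub": "alice@agency.example.test", "exp": now + 3600,
    }
    legitimate = sign_token("enterprise-key-1", claims)
    forged = sign_token("consumer-key-1", claims)  # attacker never had the enterprise key
    return {
        "legit_loose": validate_loose(legitimate, now),
        "legit_strict": validate_strict(legitimate, now),
        "forged_loose": validate_loose(forged, now),
        "forged_strict": validate_strict(forged, now),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:14s} {'ACCEPT' if ok else 'REJECT'} ({reason})")
```

The loose validator accepts the forged token because its signature really does verify, so nothing in a sign-in log looks wrong: no failed password, no MFA prompt. The strict validator rejects it only because it refuses to honour a key outside the issuer it was published for. In production that scoping comes from fetching keys solely from each issuer's own discovery document and never merging key sets across trust domains; once a signing key is known to be compromised, revoking it is the only real remedy, since every token it ever signed is suspect.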

Cybersecurity researcher Jake Williams, a former National Security Agency offensive hacker, said the hackers could have used forged authentication tokens to hack into non-enterprise Microsoft users, including Chinese dissidents.

Adam Meyers, the head of intelligence for cybersecurity firm CrowdStrike, highlighted the risk of being too dependent on a single technology provider, such as Microsoft.

“Having one monolithic vendor that is responsible for all of your technology, products, services, and security can end in disaster,” Mr. Meyers said.

Chinese Involvement

A Chinese foreign ministry spokesman, Wang Wenbin, called the U.S. accusation of hacking “disinformation” aimed at diverting attention from U.S. cyberespionage against China.

On July 12, Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, called for strengthened efforts to counter the hacking threat posed by China following reports of Storm-0558’s hack.

“The Senate Intelligence Committee is closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence,” he said in a statement. “It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies. Close coordination between the U.S. government and the private sector will be critical to countering this threat.”

In June, CISA Director Jen Easterly warned during an event at the Aspen Institute in Washington that Beijing’s hackers will “almost certainly” attempt to disrupt critical U.S. infrastructure such as railways and pipelines in case a conflict breaks out between the two nations, so as to “delay military deployment and to induce societal panic.”

“This, I think, is the real threat that we need to be prepared for, and to focus on and to build resilience against,” Ms. Easterly said.

“Given the formidable nature of the threat from Chinese state actors, given the size of their capability, given how much resources and effort they’re putting into it, it’s going to be very, very difficult for us to prevent disruptions from happening,” she added.

During an appearance before the House Appropriations Committee on April 27, FBI Director Christopher Wray said that Chinese hackers outnumber U.S. cyber specialists 50 to 1.

Terming China “the greatest threat to our country,” Mr. Wray said that the FBI blocks 15 million cyberattacks against the United States’ infrastructure every week.

Other Incidents

In June, cybersecurity firm Mandiant stated that suspected state-backed Chinese hackers broke into the networks of hundreds of public and private organizations globally, with almost a third being government agencies. Organizations in the Americas accounted for 55 percent of those targeted.

That campaign began in October 2022 and lasted at least until it was discovered in May 2023. The hackers got into the networks by exploiting a zero-day vulnerability (CVE-2023-2868) in Barracuda Email Security Gateway appliances, a widely deployed email filtering product, rather than by breaking into an email service itself.

“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” Charles Carmakal, Mandiant’s chief technical officer, said.

The hackers focused on issues that are considered high-level priorities by Beijing. Targets included academic organizations in Taiwan and Hong Kong and foreign ministries in Southeast Asia.

The Associated Press contributed to this report.