THE AMERICA ONE NEWS
The Epoch Times
13 Jul 2023


US Government Emails Hacked by Chinese Malicious Actor

A Chinese hacking group broke into U.S. government networks and had access to email accounts for a month, an incident that has triggered national security concerns among experts.

The hacking incident began in May and led to the email accounts of 25 organizations being accessed, including government agencies. The issue was first identified by a government agency, which then alerted its service provider, Microsoft.

According to the tech firm, the hacking group, China-based Storm-0558, used forged credentials to break into the networks. The company has since resolved the issue.

This attempt could be a part of a broader espionage campaign against the United States as Chinese hackers are one of the most persistent malicious actors online, with a targeted focus on the country and its assets.

In a press briefing Wednesday, U.S. officials with the Cybersecurity and Infrastructure Security Agency (CISA) said that no sensitive information was stolen during the attack.

The way Storm-0558 broke into the networks has raised concerns among experts. Storm-0558 used forged authentication tokens—used to verify the identity of users—to gain access to sensitive U.S. data.

Cybersecurity researcher Jake Williams, a former National Security Agency offensive hacker, said the hackers could have used forged authentication tokens to hack into the accounts of non-enterprise Microsoft users, including Chinese dissidents.

Adam Meyers, the head of intelligence for cybersecurity firm Crowdstrike, highlighted the vulnerability of being too dependent on a single technology provider such as Microsoft.

“Having one monolithic vendor that is responsible for all of your technology, products, services, and security can end in disaster,” Mr. Meyers said.

A Chinese foreign ministry spokesman, Wang Wenbin, called the U.S. accusation of hacking “disinformation” aimed at diverting attention from U.S. cyberespionage against China.

On Wednesday, Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, called for strengthened efforts to counter the hacking threat posed by China following reports of Storm-0558’s hack.

“The Senate Intelligence Committee is closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence,” he said in a statement. “It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies. Close coordination between the U.S. government and the private sector will be critical to countering this threat.”

In June, CISA director Jen Easterly warned during an event at the Aspen Institute in Washington that Beijing’s hackers will “almost certainly” attempt to disrupt critical U.S. infrastructure like railways and pipelines in case a conflict breaks out between the two nations, so as to “delay military deployment and to induce societal panic.”

“This, I think, is the real threat that we need to be prepared for, and to focus on and to build resilience against,” Ms. Easterly said.

“Given the formidable nature of the threat from Chinese state actors, given the size of their capability, given how much resources and effort they’re putting into it, it’s going to be very, very difficult for us to prevent disruptions from happening,” she added.

During an appearance before the House Appropriations Committee on April 27, FBI Director Christopher Wray said that Chinese hackers outnumber U.S. cyber specialists by 50 to 1.

Terming China “the greatest threat to our country,” Wray said that the FBI blocks 15 million cyberattacks against America’s infrastructure every week.

In June, cybersecurity firm Mandiant said that suspected state-backed Chinese hackers broke into the networks of hundreds of public and private organizations globally, with almost a third being government agencies. The Americas accounted for 55 percent of the targeted organizations.

The multimonth hack began in October last year and lasted at least until May when it was discovered. The hackers had used a security hole in a popular email service to break into the networks.

“This is the broadest cyber espionage campaign known to be conducted by a China-nexus threat actor since the mass exploitation of Microsoft Exchange in early 2021,” said Charles Carmakal, Mandiant’s chief technical officer.

The hackers focused on issues that are considered high-level priorities by Beijing. Targets included academic organizations in Taiwan and Hong Kong as well as foreign ministries in Southeast Asia.

The Associated Press contributed to this report.