The Chinese hackers who breached senior US officials’ emails in May and June were able to do so by first stealing sensitive data from a Microsoft engineer, the company revealed Wednesday.
Multiple mishaps, including the crash of an internal Microsoft system in April 2021 and the hack of the engineer, gave the Chinese hackers coveted access to a cryptographic key that was later used to break into the US officials’ email accounts, the tech giant said in a blog post.
The statement sheds new light on a cyber-espionage campaign that has caused a furor in Washington. The hackers had breached the email accounts of US Ambassador to China Nicholas Burns and Commerce Secretary Gina Raimondo, in advance of Raimondo’s trip to China.
Republican Rep. Don Bacon of Nebraska, who has been critical of the Chinese government, said he was also breached by the hackers.
Chinese government officials have responded to the hacking allegations by accusing the US government of conducting cyberattacks against China.
Microsoft has been under scrutiny from US lawmakers and officials who have demanded more information on how the alleged Chinese hackers broke into the email accounts. The Department of Homeland Security-backed Cyber Safety Review Board – a panel of US government and private experts – is investigating the root causes of the breach.
Microsoft said Wednesday that it had corrected the technical issues that allowed the hackers to obtain the cryptographic key from its internal system.
“Microsoft is continuously hardening systems as part of our defense in depth strategy,” the company said.
The alleged Chinese hacking campaign came at a particularly delicate time in US-China relations, as Secretary of State Antony Blinken prepared to make a high-stakes trip to China in June. As CNN previously reported, the Biden administration believes the Chinese hacking gave Beijing insights about US thinking ahead of Blinken’s trip.
Though the State Department confronted the Chinese government about the hack, a senior National Security Agency official, Rob Joyce, has described the activity as standard espionage.
“That’s what nation-states do,” Joyce said in July. “We have to defend against it, we need to push back against it. But that is something that happens.”