Chinese Hackers Breach US Ambassador to China’s Email


Reports claim that Chinese hackers breached the email account of the U.S. Ambassador to China as part of a campaign targeting several American and international groups, including another account within the State Department.

China-based hackers breached the email account of US Ambassador to China Nicholas Burns as part of a recent targeted intelligence-gathering campaign, three US officials familiar with the matter told CNN.

According to the sources, hackers also gained access to the email account of Daniel Kritenbrink, the Assistant Secretary of State for East Asia, who recently traveled with Secretary Antony Blinken in China.

The State Department has not commented on these reports.

This latest attack is part of a pattern of recent cyber attacks against both the State and Commerce departments, including last week’s reported breach of the U.S. Commerce Secretary’s account:

A Microsoft vulnerability allowed Chinese hackers to access the emails of the U.S. State Department and Commerce Secretary Gina Raimondo last month, according to both a spokesperson for the department and a report.

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a joint advisory on Wednesday announcing a breach. They did not identify the target. However, they said that a federal agency had first spotted suspicious activity in mid-June, after noticing in its Microsoft 365 audit logs that Exchange Online mailboxes were being accessed by licensed users through abnormal programs. The agency reported this activity to Microsoft and CISA.

CISA and the FBI confirmed that the attackers penetrated the systems of the State Department and around two dozen other organizations using forged authentication tokens. Microsoft first reported the breach on Tuesday night. Its investigators have identified the infiltrators as Storm-0558, a group that primarily targets Western European government agencies for espionage, credential access and data theft.

Last Wednesday, the State Department confirmed last week’s hacks via email. Adam Hodge, spokesperson for the White House National Security Council, said in a statement:

The U.S. Government’s safeguards detected an intrusion into Microsoft’s cloud security last month. This affected the unclassified system. Officials immediately contacted Microsoft in order to identify the source of this intrusion and find the vulnerability in their cloud services. We continue to require that the U.S. Government’s procurement providers meet a high level of security.

Intel Committee chair Senator Mark Warner (D-VA) also said that his committee was “closely watching what appears to have been a significant cyber breach by Chinese intelligence”.

He added:

Warner stated that it was clear the PRC has been improving its cyber-collection capabilities against the U.S. To counter this threat, the U.S. Government and the private sector must work closely together.

China’s reaction to these reports was predictable: It reacted with the usual accusation that the U.S. is “spreading misinformation”.

Wang Wenbin, the spokesperson for China’s Ministry of Foreign Affairs, did not deny that the breach occurred, but said that it is the U.S. that is “the biggest hacking empire in the world and the global cyber thief” when responding to a press question at a Beijing conference.

He continued:

Since last year, cyber institutions in China and other countries have released reports revealing the U.S. government’s cyberattacks on China over the years. However, the U.S. still has not responded. The U.S. must explain its cyberattacks and stop spreading misinformation to divert public attention.

We will continue to cover this story as new details become available.