In Washington on September 27th, a Senate staff member disclosed to Reuters that Chinese hackers, who successfully infiltrated Microsoft’s email platform earlier this year, were able to pilfer tens of thousands of emails from U.S. State Department accounts. The staff member, who had attended a briefing conducted by State Department IT personnel, relayed that officials informed lawmakers that 60,000 emails were taken from 10 State Department accounts. Among the victims, nine were focused on East Asia and the Pacific, while one was engaged with European affairs, as outlined in an email sharing the briefing’s details. The staff member requested anonymity.
The staff member is employed by Senator Eric Schmitt.
In July, both U.S. officials and Microsoft reported that hackers linked to the Chinese government had been infiltrating email accounts at approximately 25 entities, including the U.S. Departments of Commerce and State, since May. The full scope of this breach remains uncertain.
The accusations made by the United States, attributing the breach to China, have added tension to the already strained relations between the two nations, with Beijing denying any involvement in the incident.
The State Department personnel whose accounts were compromised were mainly working on diplomatic matters concerning the Indo-Pacific region. Moreover, in the Wednesday briefing, it was disclosed that the hackers managed to acquire a complete list of all the department’s emails.
This substantial security breach has refocused scrutiny on Microsoft’s pivotal role in providing IT services to the U.S. government. In response, the State Department has embarked on a shift toward “hybrid” environments that involve multiple vendor companies and has stepped up the implementation of multi-factor authentication as part of its measures to bolster system security, as detailed by officials in the briefing.