US National Security Council Coordinator for Strategic Communications John Kirby speaks during the daily briefing in the James S Brady Press Briefing Room of the White House in Washington, DC, on June 5, 2023.
Andrew Caballero-Reynolds | AFP | Getty Images
The hackers accessed Microsoft-powered email accounts at the agencies as part of a continued effort by China-based actors to spy on and steal sensitive government and corporate data. The hacking group, code-named Storm-0558 by Microsoft, also compromised personal accounts “associated” with the agencies, likely employees of the agencies.
The compromise was “mitigated” by Microsoft cybersecurity teams after it was first reported to the company in mid-June 2023, Microsoft said in a pair of blog posts about the incidents. The hackers had been inside government systems since at least May, the company said.
U.S. government officials identified the potential intrusion to Microsoft. The National Security Council didn’t identify which agencies had been impacted, although a bulletin from the FBI and the Cybersecurity and Infrastructure Security Agency said that the first report was made by a single executive-branch agency.
“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” National Security Council spokesperson Adam Hodge said in a statement to the Wall Street Journal. “We continue to hold the procurement providers of the U.S. government to a high security threshold.”
Microsoft is a major government contractor and its Exchange software is used almost ubiquitously by public- and private-sector clients. The company has invested significantly in cybersecurity research and threat containment, given how commonplace its software is and how high-profile its many clients are.
Top law firm Covington and Burling, for example, was compromised by Chinese hackers using an exploit of Microsoft server software in 2020.
The latest compromise comes months after Microsoft and top government officials acknowledged that another Chinese state-backed group was behind espionage efforts that targeted “critical” U.S. civilian and military infrastructure, including a naval base in Guam.
It’s also a timely example of the kind of threat that U.S. national security officials have been warning about for months and years. Jen Easterly, the top U.S. cybersecurity official, has called China an “epoch-defining” threat.