Microsoft Outlook breach: Blinken tells China that US will hold hackers 'accountable'

US Secretary of State Antony Blinken (2nd-R) and Director of the Office of the Foreign Affairs Commission of the Communist Party of China's Central Committee Wang Yi (2nd-L) attend their bilateral meeting on the sidelines of the Association of Southeast Asian Nations (ASEAN) Foreign Ministers’ Meeting in Jakarta on July 13, 2023. 

Photo credit: Courtesy | AFP

US Secretary of State Antony Blinken told China's top diplomat Thursday that Washington will hold hackers accountable after he raised alleged breaches of US government agencies, a US official said.

Blinken, in talks in Jakarta with Wang Yi, "made clear that any action that targets US government, US companies, American citizens, is of deep concern to us and that we will take appropriate action to hold those responsible accountable," a senior US official said.

The official, speaking on condition of anonymity, said Blinken raised the new cases but stopped short of saying whether Washington's top diplomat directly accused China of involvement.

Microsoft said this week a Chinese hacking group had gained access to nearly 25 organisations with the goal of espionage. 

Blinken and Wang were meeting on the sidelines of Association of Southeast Asian Nations talks, less than a month after Blinken made a rare trip to Beijing.

Despite a new flurry of diplomacy between the world's two largest economies, the United States has failed to persuade China to resume communication between their two militaries, seen as crucial in preventing incidents from spiralling into all-out conflict.

Blinken "underscored we have a responsibility to keep our channels of communication open, including between our two militaries," another US official said.

"I think it's urgent that we do so. We haven't achieved that yet," he said.

China has demanded that the United States lift sanctions on its defence minister, Li Shangfu, which were imposed over weapons purchases from US adversary Russia.

Officials said Blinken also spoke to China about ways to combat precursor chemicals that make fentanyl, the synthetic opioid behind an addiction epidemic in the United States.

Microsoft Outlook hacked

Hackers, possibly linked to China’s intelligence agencies, are being blamed for a month-long campaign that breached some unclassified U.S. email systems, allowing them to access a small number of accounts at the U.S. State Department and a handful of other organizations.

Microsoft first announced the intrusion Tuesday, attributing the attack on its Outlook email service to Chinese threat actors it dubbed Storm-0558.

The company said in a blog post that the hackers managed to forge a Microsoft authentication token and gain access to the email accounts of 25 organizations, both in the U.S. and around the globe, starting in mid-May.

The company said access was cut off after the breach was discovered a month later.

“We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Microsoft said. “This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems.”

The State Department confirmed Wednesday that it had discovered the breach and had taken “immediate steps” to secure its systems and to notify Microsoft.

Some U.S. officials, however, were hesitant to back Microsoft’s attribution for the attack while saying the U.S. “would make all efforts to impose costs” on whoever was responsible.

“The sophistication of this attack, where actors were able to access mailbox content of victims, is indicative of APT [advanced persistent threat] activity but we are not prepared to discuss attribution at a more specific level,” a senior FBI official told reporters Wednesday, briefing them on the condition of anonymity.

According to senior officials with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), the number of U.S. victims of the Microsoft Outlook breach was in the single digits and only a small number of accounts were accessed.

They added that because the breach was detected quickly, the hackers did not have access to any email account for more than a month and never had access to any classified information or systems. In many cases, their access lasted only days.

Still, the officials noted the reason for concern.

“The targeting was intentional,” said a senior CISA official who spoke to reporters on the condition of anonymity.

“This appears to have been a very targeted, surgical campaign that was not seeking the breadth of access we have seen in other campaigns,” the official added.

Despite the reluctance of some U.S. cyber officials to place the blame on China, there was no hesitation Wednesday from key U.S. lawmakers.

“The Senate Intelligence Committee is closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence,” Chairman Mark Warner said in a statement.

“It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies,” the Virginia Democrat added. “Close coordination between the U.S. government and the private sector will be critical to countering this threat.”

Top U.S. intelligence, security and military officials have long warned about the growing cybersecurity threat posed by China-linked hackers.

A separate Defense Department cyber strategy likewise warned of China’s increased investments in military cyber capabilities while it also empowers a growing number of cyber proxies.

But John Hultquist, chief analyst at Google’s Mandiant cybersecurity intelligence operation, said this latest attack showed that the Chinese threat has evolved in a very dangerous way.

“Chinese cyber espionage has come a long way,” Hultquist said in an email. “They have transformed their capability from one that was dominated by broad, loud campaigns that were far easier to detect. They were brash before, but now they are clearly focused on stealth.”

VOA reached out to the Chinese Embassy in Washington about the allegations that Beijing was behind the Microsoft attack.

“China is against cyberattacks of all kinds and has suffered from cyber hacking,” Chinese Embassy spokesperson Liu Pengyu told VOA in an email. “As MFA (Ministry of Foreign Affairs) spokesperson has commented at regular press conference, the source of Microsoft's claim is information from the U.S. government authorities.”

Liu went on to call the U.S. “the biggest hacking empire and global cyber thief,” saying it was “high time that the U.S. explained its cyberattack activities and stopped spreading disinformation to deflect public attention.”

In its blog post about the latest breach Tuesday, Microsoft said it had managed to repair its systems for all of its customers.

The FBI and CISA on Wednesday separately issued a cybersecurity advisory, urging organizations using Microsoft Exchange Online to take steps to increase their security measures and also their monitoring of their systems to catch any suspicious activity.

- Additional reporting by VOA