Chinese Hackers Stole 60,000 US State Department Emails

A hack of Microsoft’s Outlook email platform earlier this year resulted in the theft of roughly 60,000 emails from the US State Department, the agency has confirmed.

“Yes, it was approximately 60,000 unclassified emails that were exfiltrated as a part of that breach,” State Department spokesman Matthew Miller told a press conference.

He added that classified systems had not been hacked and that the emails were all unclassified.

“We have not made an attribution at this point, but, as I said before, we have no reason to doubt the attribution that Microsoft has made publicly,” Miller said

Emails stolen

“Again this was a hack of Microsoft systems that the State Department uncovered and notified Microsoft about.”

The official remarks followed reports of a briefing by State Department IT officials last week who said the emails had been stolen from 10 accounts within the department.

Nine of the accounts worked on East Asia and the Pacific and one worked on Europe, Reuters reported, citing an unnamed staffer who works for Senator Eric Schmitt.

US officials and Microsoft acknowledged in July that hackers suspected to be allied to the Chinese government had accessed the accounts of about 25 organisations, including the US Commerce and State Departments.

Microsoft revealed technical details of the attack last month, saying the attack group Storm-0558 had used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA (Outlook Web Access) and Outlook.com.

‘Harden our defences’

China has denied involvement in the hack.

The State Department staff whose accounts were compromised mostly focused on Indo-Pacific diplomacy, officials said at the briefing, adding that the hackers had obtained a list of all the department’s email accounts.

“We need to harden our defences against these types of cyberattacks and intrusions,” Schmitt said in an internal statement following the briefing, Reuters reported. “We need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point.”

Following the hack Microsoft made cloud logging data more widely available at no cost, which could help security organisations identify similar breach attempts in the future.