Chinese Hackers Breached Ambassador’s Email

A Chinese cyber-espionage campaign revealed by Microsoft last week compromised the government email account of the US ambassador to China and other officials, a new report has claimed.

Citing people familiar with the matter, the Wall Street Journal revealed that the accounts of Nicholas Burns and of Daniel Kritenbrink, the assistant secretary of state for East Asia, were among those compromised in the attacks.

Read more on Chinese state threats: NCSC Warns of Chinese Cyber Attacks on Critical Infrastructure.

They join Commerce Secretary Gina Raimondo as the highest-profile victims so far of the campaign, which Microsoft attributed to the Beijing-linked Storm-0558 group.

Known for targeting government agencies for sensitive information and credentials, the threat actors gained access to customer email accounts via Outlook Web Access (OWA) in Exchange Online by forging authentication tokens, according to Microsoft.

They used a Microsoft account key to forge the tokens, and also took advantage of a token validation issue to impersonate Azure AD users and gain access to enterprise mail. Presumably it was the latter that enabled access to the US government email accounts.
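The pattern Microsoft describes, a signing key belonging to one identity realm being used to forge tokens accepted by another, comes down to a validator that checks a token's signature but not whether the key that produced it is the one bound to the token's claimed issuer. The following added example (constructed key names, secrets and issuer URLs; not Microsoft's code or token format) shows a weak validator of that kind beside one that enforces the key-to-issuer binding:

```python
import base64
import hashlib
import hmac
import json

# Constructed key registry (values are made up for this example). Each signing
# key records the single issuer it is authorized to sign tokens for.
KEYS = {
    "consumer-key-1": {"secret": b"consumer-secret", "issuer": "https://login.example/consumer"},
    "enterprise-key-1": {"secret": b"enterprise-secret", "issuer": "https://login.example/enterprise"},
}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint(kid: str, claims: dict) -> str:
    """Issue a compact HMAC-SHA256 token (header.payload.signature) under key `kid`."""
    header = _b64(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(KEYS[kid]["secret"], f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def _signature_ok(token: str):
    """Return (signature_valid, header, claims) using whichever registered key `kid` names."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(_unb64(header_b64))
    claims = json.loads(_unb64(body_b64))
    key = KEYS.get(header.get("kid"))
    if key is None:
        return False, header, claims
    expected = hmac.new(key["secret"], f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _unb64(sig_b64)), header, claims

def validate_weak(token: str, expected_issuer: str) -> bool:
    """Weak: verifies the signature and the iss claim, but trusts ANY registered key."""
    ok, _, claims = _signature_ok(token)
    return ok and claims.get("iss") == expected_issuer

def validate_hardened(token: str, expected_issuer: str) -> bool:
    """Hardened: additionally requires the signing key to be the one bound to that issuer."""
    ok, header, claims = _signature_ok(token)
    if not ok or claims.get("iss") != expected_issuer:
        return False
    return KEYS[header["kid"]]["issuer"] == expected_issuer
```

A token signed with the consumer key but claiming the enterprise issuer passes `validate_weak` and fails `validate_hardened`; a genuine enterprise-key token passes both.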

The WSJ report claimed that the threat group may have access to hundreds of thousands of government emails as a result of the compromise.

However, the accounts were reportedly unclassified systems and therefore unlikely to have contained much information of geopolitical use. The timing of the attacks indicates the hackers wanted information ahead of Secretary of State Antony Blinken’s trip to Beijing last month.

Chinese government spokesperson Liu Pengyu predictably dismissed as “groundless” the claims of state-sponsored hacking.

"China firmly opposes and combats cyber-attacks and cyber theft in all forms. This position is consistent and clear," he reportedly said.
