According to a congressional staffer, about 60,000 emails were stolen by suspected Chinese government hackers from the Microsoft email system used by 10 employees of the State Department.
The suspected Chinese government hackers also gained access to a directory of State Department employees, as well as information on their travel plans and confidential discussions.
Many of the targeted employees were focused on Indo-Pacific diplomacy efforts. China has reportedly used the stolen information to prepare for upcoming meetings with top Biden administration officials.
Chinese government hackers used advanced techniques to exploit a Microsoft engineer’s computer and steal a heavily protected account-signing key, using it to access their victims’ accounts without raising alarms.
The cyberattack done by the Chinese government hackers affected 25 Microsoft customers, including two other federal agencies.
The State Department expressed uncertainty regarding whether the Chinese government hackers obtained sensitive information, such as Social Security numbers.
The department has since implemented significant cybersecurity improvements, increasing multi-factor authentication for computer systems, and minimizing reliance on a single vendor for vital services.
According to The Statesman, the State Department is now transitioning to “hybrid” settings and enhancing its system defenses to prevent future attacks. Microsoft has yet to comment on the Senate briefing.