Senior State Department Officials Targeted by Chinese Hackers

Senior State Department officials were hacked by a spying group linked to Beijing, a breach that likely provided inside information about U.S. policy toward China amid a series of trips to the country by top Biden officials.

Hundreds of thousands of U.S. government emails were hacked, including those of the U.S. ambassador to China, Nicholas Burns, and the assistant secretary of state for East Asia, Daniel Kritenbrink.

It appeared that Secretary of State Antony Blinken’s email account wasn’t directly infiltrated in the hack, nor were those of his circle of top advisers, one of the people familiar with the matter said. Instead, the hackers appeared to focus on a small number of senior officials responsible for managing the U.S.-China relationship.

The estimate of individual emails accessed is rough and could grow, the people said.

“For security reasons, we will not be sharing additional information on the nature and scope of this cybersecurity incident at this time,” a State Department spokesman said. “The department continuously monitors and responds to activity of concern on our networks. Our investigation is ongoing, and we cannot provide further details at this time.”

The White House National Security Council declined to comment.

Kritenbrink accompanied Blinken on his trip to China a month ago, and Kritenbrink, Burns and Blinken all attended meetings with senior Chinese officials and with Chinese leader Xi Jinping. Before the high-level talks in Beijing, Kritenbrink led a trip of less senior officials to lay the groundwork. […]

The recent hack was pulled off by leveraging a flaw in Microsoft’s cloud-computing environment that has since been fixed, according to the company, which said more than two dozen organizations globally were affected. Fewer than 10 organizations were compromised in the U.S. and each of those appeared to have a small number of individual email accounts directly accessed by the hackers, a senior U.S. cybersecurity official said last week. It isn’t known whether any federal agencies beyond the State and Commerce departments were targeted. (WSJ)

While the attack was “surgical in nature,” meant to glean information from “high-value victims,” U.S. officials downplayed its impact.

“It is China doing espionage,” Rob Joyce, the cybersecurity director at the National Security Agency, said at the Aspen Security Forum on Thursday. “That is what nation-states do. We need to defend against it, we need to push back on it, but that is something that happens.”

U.S. officials said Secretary of Commerce Gina Raimondo’s email was also compromised in the operation.