
Chinese Hackers Compromised US State Department Emails in Microsoft Breach, Senate Staffer Claims
By Raphael Satter and Zeba Siddiqui
WASHINGTON – Chinese hackers who infiltrated Microsoft’s email platform this year succeeded in stealing tens of thousands of emails from U.S. State Department accounts, according to information provided by a Senate staffer on Wednesday. The staffer, who attended a briefing with State Department IT officials, revealed that approximately 60,000 emails were taken from 10 State Department accounts. Of those accounts, nine were associated with work on East Asia and the Pacific, while one was focused on Europe. The staffer asked to remain anonymous.
U.S. officials, along with Microsoft, disclosed in July that Chinese state-linked hackers had accessed email accounts at around 25 organizations, including the U.S. Commerce and State Departments, since May. However, the full extent of the breach remains uncertain.
Accusations against China regarding the breach have further strained an already tense relationship between the two nations, with Beijing categorically denying the claims.
The compromised State Department employees primarily worked on Indo-Pacific diplomatic initiatives, and the breach included access to a list containing all emails from the department, according to the briefing details.
This extensive hack has drawn renewed scrutiny to Microsoft’s significant role in providing IT services to the U.S. government. In response, the State Department has started transitioning to hybrid environments that incorporate multiple vendors and is enhancing the use of multi-factor authentication to bolster system security.
The breach occurred after the hackers compromised a Microsoft engineer’s device, which enabled them to access the State Department’s email accounts. Earlier this month, Microsoft stated that the hack affecting senior officials at the U.S. State and Commerce Departments originated from the compromise of a corporate account belonging to a Microsoft engineer.
Senator Eric Schmitt, whose staffer attended the briefing, emphasized the need to strengthen defenses against such cyberattacks and suggested reevaluating the federal government’s dependence on a single vendor, highlighting it as a potential vulnerability.
A Microsoft representative did not provide an immediate comment regarding the Senate briefing. The company, which has faced criticism over its security measures since the breaches occurred, has noted that the hacking group responsible, referred to as Storm-0558, had breached webmail accounts hosted on its Outlook service.
The State Department has not yet responded to requests for comment, and Senator Schmitt was unavailable for an interview.