US ambassador to China’s emails breached in massive hack

21 Jul 2023


The ambassador’s email account was part of a wider hacking campaign, which reportedly compromised hundreds of thousands of government emails.

The US ambassador to China was one of the victims of the recent wave of suspected China-based hacking that impacted multiple government agencies, according to reports.

The Wall Street Journal first reported that hackers managed to infiltrate the emails of US ambassador Nicholas Burns, citing people familiar with the matter. The breach appears to be linked with the wave of attacks that Microsoft attributed to China earlier this month.

The tech company claimed this hacking operation managed to access the emails of 25 organisations on 15 May with “forged authentication tokens”. Microsoft also said it only started investigating on 16 June after receiving “customer reported information”.

Since that revelation, there have been reports of multiple high-profile figures in the US government being involved, with the Wall Street Journal reporting that hundreds of thousands of US government emails may be compromised.

Three US officials also confirmed the ambassador email breach to CNN and claimed the emails of Daniel Kritenbrink – US assistant secretary of state for East Asian and Pacific affairs – were also breached. Two unnamed sources also confirmed both of these breaches to Politico.

The US government has not attributed the hacking campaign to China. Meanwhile, Liu Pengyu, the spokesperson for China’s Washington embassy, told Reuters that the country firmly opposes and combats cyberattacks and cybertheft “in all forms”.

“We hope that relevant sides will adopt a professional and responsible attitude … rather than make groundless speculations and allegations,” Pengyu said.

Microsoft has faced criticism this week, as the threat actor gained access to emails by impersonating Microsoft Azure AD users. Since then, the tech giant has announced plans to expand cloud logging access to give customers better “security visibility”.

Microsoft said it will make wider cloud security logs available to customers “at no additional cost”. The company said this decision came about due to its close partnership with the US Cybersecurity and Infrastructure Security Agency, which has “called for the industry to take action in order to better protect itself from potential cyberattacks”.

In March, Microsoft issued a patch for a critical Outlook vulnerability, which was used by Russian hackers to launch cyberattacks on multiple European organisations.


Leigh Mc Gowran is a journalist with Silicon Republic
