High ranking US Diplomats Involved in Microsoft Email Breach Linked to China
The spying activity overlapped with a period of intense diplomatic engagement between Washington and Beijing.
Alleged Chinese Hackers Breached U.S. Diplomats’ Emails, Including the Ambassador to China.
In a recent cyberattack on government accounts, suspected Chinese hackers gained access to the emails of U.S. Ambassador to China Nicholas Burns and Daniel Kritenbrink, the State Department’s assistant secretary of state for East Asia. Both officials were identified as victims in the likely Chinese spying campaign, which came to light last month.
The hackers targeted the unclassified email accounts of Ambassador Burns and Assistant Secretary Kritenbrink. The State Department confirmed its inclusion among the more than two dozen organizations breached during the global espionage incident, but specific names of affected individuals were not initially disclosed.
Although Microsoft has attributed the spying activity to China, the U.S. government has not yet officially named the culprit. The Wall Street Journal was the first to report that the hackers accessed the inboxes of Burns and Kritenbrink, while the Washington Post previously mentioned that Commerce Secretary Gina Raimondo’s email was also breached.
The extent of the information accessed by the hackers and its potential value remains uncertain. However, the timing of the spying campaign, which began in May, coincided with a crucial period of diplomacy between the U.S. and China. Officials were actively preparing for Secretary of State Antony Blinken’s visit to Beijing in mid-June and this month’s visits by Treasury Secretary Janet Yellen and climate envoy John Kerry.
Security experts have praised the technical sophistication of the campaign, highlighting an acceleration in China’s digital spying capabilities. Cybersecurity firm Mandiant noted the evolution of Chinese cyber espionage tactics over the last decade to become more agile, stealthy, and challenging to attribute.
The incident also raises concerns about the scope and impact of the breach and prompts questions about Microsoft’s responsibility in the matter. To address frustrations from U.S. officials, the company recently provided existing customers with enhanced digital forensic tools. However, some lawmakers criticize Microsoft for previously placing high price tags on core security products, potentially preventing many lower-paying victims from detecting the breach.
Senator Ron Wyden (D-Ore.) emphasized the importance of cybersecurity in software contracting, stating that it is vital for national security. As investigations continue, the exact implications of the breach and the lessons learned will likely shape future cybersecurity measures.