Cyber Security News

Chinese Hackers Breached Microsoft’s Email Platform to Steal 60,000+ US Govt Emails

In a significant cybersecurity breach, Chinese hackers infiltrated Microsoft’s email platform earlier this year and stole tens of thousands of emails from U.S. State Department accounts, according to information shared by a Senate staffer who attended a briefing by State Department IT officials.

The breach came to light as State Department IT officials revealed that approximately 60,000 emails were stolen from ten State Department accounts during the attack.

Notably, nine of the affected accounts were linked to individuals working on matters concerning East Asia and the Pacific, while one account was focused on European affairs.

This revelation is part of an ongoing investigation into a series of cyberattacks that have rocked various U.S. organizations. 


Sophisticated Infiltration:

In July, both U.S. officials and Microsoft disclosed that state-linked Chinese hackers had gained unauthorized access to email accounts in approximately 25 different organizations, including the U.S. Commerce and State Departments. 

However, the full extent of the compromise and the potential consequences of the stolen emails remain unclear, according to the Reuters report.

The allegations that China was responsible for these cyberattacks have further strained already tense relations between the United States and China. 

Beijing has vehemently denied any involvement in these breaches.

The compromised State Department email accounts were primarily used for Indo-Pacific diplomacy efforts. 

Shockingly, the hackers also managed to obtain a comprehensive list containing all of the department’s emails.

This high-profile breach has put the spotlight on Microsoft’s substantial role in providing IT services to the U.S. government. 

Calls for Action:

The State Department has initiated measures to enhance its cybersecurity defenses. 

These measures include transitioning to “hybrid” environments that involve multiple vendor companies and an increased adoption of multi-factor authentication.

The hackers’ initial point of entry into the State Department’s systems was the compromise of a Microsoft engineer’s device, which provided them access to the State Department’s email accounts, according to details shared during the briefing.

Senator Eric Schmitt, whose staffer provided these details, emphasized the need for stronger cybersecurity defenses and called for a reevaluation of the federal government’s reliance on a single vendor for critical services.

Microsoft did not immediately comment on these developments.

The tech giant has faced scrutiny over its security practices in the wake of these breaches and previously stated that the hacking group behind the attacks, known as Storm-0558, had targeted webmail accounts running on the company’s Outlook service.

Efforts to reach the State Department for comment were unsuccessful at the time of this report, and Senator Schmitt was not available for further interviews. 

This breach serves as a stark reminder of the evolving nature of cyber threats and the critical importance of securing sensitive government information in an increasingly digital world.

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
