Chinese snoops stole 60K State Department emails in that Microsoft email heist

No classified systems involved apparently, but internal diplomatic notes, travel details, staff SSNs, etc


Chinese snoops stole about 60,000 State Department emails when they broke into Microsoft-hosted Outlook and Exchange Online accounts belonging to US government officials over the summer.

"No classified systems were hacked," said State Department spokesperson Matthew Miller during a press briefing Thursday. "These only related to the unclassified systems."

The emails exfiltrated from Microsoft's cloud belonged to 10 State Department officials, nine of whom were working on Indo-Pacific diplomatic efforts, according to Politico. Data stolen from the inboxes reportedly included travel itineraries, diplomatic deliberations, and the 10 officials' Social Security numbers.


The thieves also accessed a list of every State Department email address, according to CNN. These email addresses could be used in future phishing campaigns and other social-engineering schemes.

And while the State Department has not yet formally blamed China or one of its cyber-espionage crews for the break-in, "we have no reason to doubt the attribution that Microsoft has made publicly," Miller said during the briefing.

The State Department uncovered the breach in July and notified Microsoft, which then attributed the intrusion to a China-based threat actor it tracks as Storm-0558.

In total, the crooks gained access to email data from around 25 organizations, which also included the US Commerce Department, Microsoft said at the time. 

Earlier this month, Redmond said the cyber-snoops were able to break into the federal government's email accounts because the spies compromised a Microsoft engineer's corporate account and stole a cryptographic key from a software crash dump that should not have contained a copy of the super-secret key in the first place. That key was then used to unlock Uncle Sam's email inboxes hosted by Microsoft in its cloud.
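The defensive lesson from that paragraph is that diagnostic artifacts such as crash dumps need to be checked for secret material before they are allowed to leave the production boundary. The following is an added illustration, not code from The Register or from Microsoft, of what such a pre-export check can look like: it scans a dump for PEM private-key blocks and for long, high-entropy base64-looking strings (the shape of signing keys and bearer tokens). The sample dump, the PEM body, the token value and the entropy threshold of 4.5 bits per character are all constructed for the example.

```python
import math
import re

# Constructed sample "crash dump" (hypothetical contents, not a real artifact):
# a binary header, a fake PEM private key, a random-looking token, and a
# low-entropy filler run that a good scanner must NOT flag.
FAKE_PEM = (
    b"-----BEGIN RSA PRIVATE KEY-----\n"
    b"MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu\n"
    b"KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm\n"
    b"-----END RSA PRIVATE KEY-----\n"
)
FAKE_TOKEN = b"Qz9xK2mV7pL4nR8sT1wY6bH3jF5dG0aE2cU9iO7vN4kM1lP8"
SAMPLE_DUMP = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 64
    + b"frame=0x7ffdc0ffee10 " + b"A" * 40 + b" "
    + FAKE_PEM + b"\x00" * 16
    + b"auth_token: " + FAKE_TOKEN + b"\x00" * 32
)

# PEM block: BEGIN/END labels must match (RSA PRIVATE KEY, EC PRIVATE KEY,
# PRIVATE KEY, ...). DOTALL lets the body span newlines.
PEM_RE = re.compile(
    r"-----BEGIN ((?:[A-Z]+ )?PRIVATE KEY)-----.*?-----END \1-----", re.DOTALL
)
# Runs of base64-alphabet characters long enough to be key or token material.
B64_RUN_RE = re.compile(r"[A-Za-z0-9+/=]{32,}")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; ~6 for random base64, 0 for 'AAAA...'."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_private_keys(text: str) -> list:
    """Return the labels of every PEM private-key block found in the text."""
    return [m.group(1) for m in PEM_RE.finditer(text)]


def find_high_entropy_strings(text: str, min_entropy: float = 4.5) -> list:
    """Return base64-looking runs whose entropy suggests key/token material.

    PEM blocks are removed first so their bodies are not reported twice.
    """
    scrubbed = PEM_RE.sub("", text)
    return [
        m.group(0)
        for m in B64_RUN_RE.finditer(scrubbed)
        if shannon_entropy(m.group(0)) >= min_entropy
    ]


def scan_dump(data: bytes) -> dict:
    """Scan raw dump bytes; 'safe_to_export' is False if anything was found."""
    # latin-1 maps every byte to one character, so binary data never raises.
    text = data.decode("latin-1")
    keys = find_private_keys(text)
    tokens = find_high_entropy_strings(text)
    return {
        "private_keys": keys,
        "high_entropy_strings": tokens,
        "safe_to_export": not keys and not tokens,
    }


if __name__ == "__main__":
    result = scan_dump(SAMPLE_DUMP)
    print("private keys found:", result["private_keys"])
    print("high-entropy strings:", result["high_entropy_strings"])
    print("safe to export:", result["safe_to_export"])
```

A scanner like this belongs in the pipeline between the crash handler and whatever bucket or ticketing system the dump is shipped to, with a block-on-finding policy rather than a warning; the entropy check catches raw key bytes and tokens that carry no PEM header, while the `A` * 40 filler shows why a pure length test would be too noisy.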

The stolen-emails admission comes as Uncle Sam increasingly sounds the alarm on cyber-espionage threats posed by Chinese government-backed thieves.

Yesterday, US and Japanese law enforcement and cybersecurity agencies warned that Beijing's spies may be hiding in organizations' Cisco routers and using that access to steal sensitive information. The agencies attributed the espionage to a gang called BlackTech that, we're told, targets government, industrial, technology, media, electronics, telecommunication, and defense players in the US and East Asia. 

In July, FBI Director Christopher Wray accused China of stealing "more of our personal and corporate data than every nation big or small, combined." 

The FBI has also attributed attacks against Barracuda Email Security Gateway appliances to China, and said snoops likely exploited a bug in that equipment back in October 2022 even though they weren't noticed until May 2023. 

Nearly one-third of these intrusions hit government agencies, according to Mandiant. ®
