China’s Hacking of U.S. Government Email Was Espionage, Official Says
The hack of Microsoft’s cloud that resulted in the compromise of government emails was an example of a traditional espionage threat, a senior National Security Agency official said.
Speaking at the Aspen Security Forum, Rob Joyce, the director of cybersecurity at the N.S.A., said the United States needed to protect its networks from such espionage, but that adversaries would continue to try to secretly extract information from each other.
“It is China doing espionage,” Mr. Joyce said. “It is what nation-states do. We have to defend against it, we need to push back against it. But that is something that happens.”
The hackers took emails from senior State Department officials including Nicholas Burns, the U.S. ambassador to China. The theft of Mr. Burns’ emails was earlier reported by The Wall Street Journal and confirmed by a person familiar with the matter.
The emails of Commerce Secretary Gina Raimondo were also obtained in the hack, which was discovered in June by State Department cybersecurity experts scouring user logs for unusual activity. Microsoft later determined that Chinese hackers had obtained access to email accounts a month earlier.
In a new deal with the Cybersecurity and Infrastructure Security Agency announced on Wednesday, Microsoft agreed to provide access to cloud computing logs to more users so they could hunt for unusual activity or potential hacks.
Hundreds of thousands of emails were compromised, but U.S. officials have described the attack as a targeted one that used a compromised security key to penetrate selected Microsoft Outlook mailboxes.
Mr. Joyce said the attackers were able to impersonate authorization to read those emails.
Speaking alongside Mr. Joyce, Brad Smith, the president of Microsoft, said the attack showed the “growing sophistication” of China.
But both Mr. Joyce and Mr. Smith said the hack announced last week was less concerning than a broader breach that Microsoft, the N.S.A. and the Cybersecurity and Infrastructure Security Agency announced in May. In that intrusion, which affected networks in Guam and elsewhere, malware was placed inside critical infrastructure and some unclassified military systems. Such cyberweapons could be used if tensions escalate between the United States and China over Taiwan.
In the hack announced last week, U.S. officials have said Secretary of State Antony J. Blinken’s emails were not compromised. In a statement last week, Mr. Blinken said the incident remains under investigation.
“As a general matter, we have consistently made clear to China as well as to other countries that any action that targets the U.S. government or U.S. companies, American citizens, is of deep concern to us, and we will take appropriate action in response,” Mr. Blinken said.
Edward Wong in Washington contributed reporting.