Reuters-Chinese hackers stole emails from US State Dept in Microsoft breach Senate staffer says
September 28, 2023 3 min 434 words
这则报道揭示了一次严重的网络攻击事件,显示中国黑客成功侵入微软的电子邮件平台,并从美国国务院账户中窃取了数以万计的电子邮件。这一事件再次凸显了网络安全的重要性,尤其是在政府机构中。中国政府否认了这次指控,这导致了中美关系的进一步紧张。 报道中提到了一些关键信息,包括黑客窃取了来自10个国务院账户的6万封电子邮件,其中9个账户涉及东亚和太平洋地区事务,1个涉及欧洲事务。此外,黑客还获得了国务院电子邮件列表,这表明他们的入侵非常严重。 更令人担忧的是,黑客通过侵入微软工程师的设备来实施攻击,这揭示了供应商安全漏洞的问题。这引发了对政府在IT服务供应商方面的过度依赖的担忧,以及对多因素身份验证等安全措施的需求。 国会参议员Eric Schmitt的一位工作人员强调了必须强化对此类网络攻击和入侵的防御措施,同时也呼吁审视政府对单一供应商的依赖。微软则在此事件中面临批评,需要改进其安全实践。 总的来说,这一报道突显了网络安全在当今政治和国际关系中的关键作用,以及保护关键机构免受网络攻击的紧迫性。这也提醒我们,国际社会需要采取更多措施来应对此类威胁,同时也需要不断改进网络安全措施以保护重要信息和数据。
Chinese hackers who breached Microsoft's (MSFT.O) email platform this year managed to steal tens of thousands of emails from U.S. State Department accounts, a Senate staffer told Reuters on Wednesday.
The staffer, who attended a briefing by State Department IT officials, said the officials told lawmakers that 60,000 emails were stolen from 10 State Department accounts. Nine of those victims were working on East Asia and the Pacific and one worked on Europe, according to the briefing details shared via email by the staffer, who declined to be named.
The staffer works for Senator Eric Schmitt.
U.S. officials and Microsoft said in July that Chinese state-linked hackers since May had accessed email accounts at around 25 organizations, including the U.S. Commerce and State Departments. The extent of the compromise remains unclear.
U.S. allegations that China was behind the breach have strained an already tense relationship between the countries, as Beijing has denied the charges.
The State Department individuals whose accounts were compromised mostly focused on Indo-Pacific diplomacy efforts, and the hackers also obtained a list containing all of the department's emails, according to the Wednesday briefing.
The sweeping hack has refocused attention on Microsoft's outsize role in providing IT services to the U.S. government. The State Department has begun moving to "hybrid" environments with multiple vendor companies and improved uptake of multi-factor authentication, as part of measures to protect its systems, according to the officials at the briefing.
The hackers compromised a Microsoft engineer's device, which allowed them to breach the State Department's email accounts, according to the briefing.
Microsoft earlier this month said that a hack of senior officials at the U.S. State and Commerce Departments stemmed from the compromise of a Microsoft engineer's corporate account.
"We need to harden our defenses against these types of cyberattacks and intrusions," Schmitt said in a statement shared by the staffer in an email to Reuters following the briefing.
"We need to take a hard look at the federal government's reliance on a single vendor as a potential weak point," he said.
A Microsoft spokesman did not have an immediate comment on the Senate briefing. The company, which has faced criticism over its security practices since the breaches, has said that the hacking group behind them - dubbed Storm-0558 - had broken into webmail accounts running on the firm's Outlook service.
The State Department did not immediately return a message seeking comment on Wednesday, and Schmitt wasn't available for an interview.