Members of the House Oversight and Accountability Committee are launching an investigation into recent China-based cyber espionage campaigns that breached the email systems of Federal agencies, including the Department of State and the Department of Commerce.
Oversight Chairman James Comer, R-Ky., Cybersecurity, Information Technology, and Government Innovation subcommittee Chairwoman Nancy Mace, R-S.C., and National Security, the Border, and Foreign Affairs subcommittee Chairman Glenn Grothman, R-Wis., sent letters today to Secretary of State Antony Blinken and Secretary of Commerce Gina Raimondo, requesting a briefing to understand the extent of the breach.
“According to recent reports, as part of a ‘suspected cyber-espionage campaign to access data in sensitive computer networks’ by China, the breaches reportedly occurred at over two dozen organizations, including some U.S. government agencies. We request a briefing on the discovery of, impact of, and response to the intrusion,” the lawmakers wrote.
The hackers leveraged a flaw in a Microsoft cloud-computing environment to gain access to the email accounts. Specifically, they gained access using Outlook Web Access in Exchange Online (OWA) and Outlook.com by forging authentication tokens to access user emails.
Secretary Raimondo’s email account was among those accessed by the hackers.
Microsoft said it has since completed mitigation of this attack for all customers. The company identified the attacker as a China-based threat actor that it follows under the name Storm-0558. The attacker targets customer emails, primarily “agencies in Western Europe,” and mostly focuses on espionage, data theft, and credential access, Microsoft said.
“We are also concerned that these attacks on Federal agencies, which include at least the Department of Commerce and the Department of State, reflect a new level of skill and sophistication from China’s hackers,” the lawmakers wrote.
“To help the subcommittees understand the discovery of the intrusion, impact of the intrusion at the department, how the department responded, and what the department is doing to ensure the continued security of its email and overall information systems, we request a staff briefing as soon as possible but no later than August 9, 2023,” they concluded.
The House lawmakers’ request comes after a bipartisan group of 14 senators sent a letter to the State Department last week with a similar request. The senators asked for more information on the breach, including which State Department officials were compromised during the cyber-espionage campaign.
Sen. Ron Wyden, D-Ore., has also demanded more answers regarding the breach. The senator sent a letter to several Federal officials late last month that calls on the Department of Justice (DoJ) and two civil regulators to open separate probes into Microsoft’s cybersecurity practices after the high-level hack.