Sen. Eric Schmitt, R-Mo., is urging the Pentagon’s Cyber Command (CYBERCOM) unit to take an offensive stance against the Chinese hacking group who breached the State Department, Commerce Department, and House of Representatives emails earlier this year.
In a letter addressed to Lt. Gen. Timothy Haugh on Oct. 17 — CYBERCOM’s second-in-command — Rep. Schmitt argues that the United States has taken only a defense approach to protecting government networks for far too long.
“I believe the U.S. government should use all tools at its disposal to discourage and deter state-sponsored hacking groups from wreaking havoc on U.S. government information systems,” Sen. Schmitt wrote. “As opposed to simply patching vulnerabilities and going about regular business, it is time the United States takes the fight to the doorstep of malicious actors.”
In July, Chinese hackers – dubbed Storm-0558 – leveraged a flaw in Microsoft’s cloud services that allowed them to access email accounts of top U.S. officials, including Commerce Secretary Gina Raimondo.
It was later unveiled in September that the hackers leveraged a stolen Microsoft signing key used by the company to authenticate customers, allowing them to masquerade as Federal users of Microsoft’s email services and access officials’ inboxes. That stolen key was leaked in an April 2021 “crash dump” in which the contents of a computer’s memory and systems are recorded upon crashing.
The Cyber Safety Review Board – a component of the Department of Homeland Security – recently announced that it will assess the Microsoft Exchange Online intrusion and conduct a broader review of issues relating to cloud-based identity and authentication infrastructure.
“Through forceful deterrence in cyberspace, the United States will not only bolster its own cyber resilience, but it will also demonstrate the resolve of our Nation as we face an ever-evolving threat landscape on the digital battlefield and beyond,” Sen. Schmitt wrote in his letter to Haugh. “I support U.S. Cyber Command’s efforts to ensure our state-sponsored hacking groups like Storm-0558 are put on notice each time they attempt to conduct a Cyber-operation against the United States.”
The senator has requested a briefing from CYBERCOM on any previous, current, or future plans to disrupt Storm-0558 in retaliation for its successful hack of unclassified email systems within the Federal government before Nov. 15.