Chinese hackers breach US government — exploiting Microsoft’s cloud-based security, gaining access to officials’ email accounts from multiple US agencies dealing with China. According to US officials, Chinese hackers breach US government using a sophisticated cyber attack just before Secretary of State Antony Blinken’s scheduled visit to Beijing last month.
The targeted espionage operation, which took place in mid-June, was discovered by the State Department. Although the breached systems were not classified, the incident has raised concerns within the Biden administration about the Chinese government gaining insights into US thinking ahead of Blinken’s crucial visit.
Chinese hackers breach US government
Chinese hackers breach US government by exploiting a vulnerability in Microsoft products, which allowed threat actors to remote code execution. The hackers in this cyber espionage are believed to have ties to China and utilized phishing websites that imitated legitimate software installers.
They aimed to access sensitive data from various government organizations. The phishing emails containing an Office document enabled the execution of remote code. However, the exploit required users to open the Office document for it to take effect. It is believed that the Chinese hackers breach US government for cyber espionage activities.
Microsoft’s Patch Tuesday for July addressed a total of 132 vulnerabilities, including several that had been exploited in the wild. Of these vulnerabilities, six were zero-day flaws. The vulnerabilities addressed affected Microsoft products such as Office, Components, Windows Layer-2 Bridge Network Driver, Windows Media, Microsoft Power Apps, and Windows Message Queuing.
Chinese hackers breach US government and exploited Microsoft’s vulnerability
The Chinese hackers breach US government using some exploited vulnerabilities, such as CVE-2023-32046, CVE-2023-32049, CVE-2023-35311, and CVE-2023-36874, as highlighted in a CISA advisory. The July Patch Tuesday also introduced DEFENSE-IN-DEPTH updates with ADV230001 and another for the Trend Micro EFI Modules – ADV230002.
The Chinese hackers breach US government and exploited the Microsoft vulnerability using a campaign, which took place in mid-May and was discovered around Blinken’s visit, only compromised an unclassified system. US officials generally assume that unclassified systems are vulnerable to hacking. While the breach provided limited access, the Chinese hackers gained additional knowledge from private discussions among US officials before Blinken’s visit.
Microsoft began investigating the breach on June 16, the same day Blinken left for his trip to Beijing. While the Chinese hackers breach US government to get more information on the events happening around the US, the US government has not disclosed the full extent of the breach conducted by Chinese hackers but has clarified that any actions targeting US government entities, companies, or citizens are of significant concern. Secretary Blinken raised the issue during a meeting with Chinese official Wang Yi in Indonesia, emphasizing the need for appropriate responses to such actions.
The State Department detected anomalous activity in June and promptly took measures to secure its systems and inform Microsoft of the incident. While the investigation is ongoing, the department continues to monitor its networks and update its security procedures in line with cybersecurity policies.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
