Wednesday, June 19, 2024

Chinese-Origin Hackers Breach US Government Systems

China is now regarded as the most technically advanced cyber adversary by US officials.

In mid-May, we and the wider security community reported on a noteworthy campaign in which China-based hackers gained access to several US government email accounts, including accounts at the State Department and the Department of Commerce. The number of mailboxes affected was relatively small and the systems involved were unclassified, but the breach raised concern because the targets were chosen deliberately: senior officials, selected for espionage.


Microsoft’s threat research team played a crucial role in identifying the hackers behind the breach: it traced the origin of the activity and worked out what information the attackers were after. Notably, rather than stealing passwords, the attackers presented forged authentication tokens, which the mail service accepted, to read high-level government mailboxes across several agencies.

Predictably, China vehemently denied these accusations and instead accused the US government of engaging in aggressive hacking campaigns. Such a tit-for-tat response is not uncommon in the realm of cyber warfare, as both nations seek to gain advantages through their hacking capabilities.

Microsoft described the hackers’ tradecraft as “surgical”: specific individuals were targeted for espionage rather than mailboxes being swept up en masse. The attackers obtained a Microsoft account (MSA) consumer signing key and used it to forge authentication tokens for the government accounts they wanted, which let them read mail through Outlook Web Access (OWA). An MSA key is meant to sign tokens for consumer accounts only; tokens signed with it should never have been accepted for enterprise mailboxes, and the fact that they were is what turned one stolen key into access across agencies. Microsoft responded by blocking the forged tokens and replacing the MSA key, cutting off further access by the attackers.
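To make the mechanism concrete, here is an added example (not code from the original article, from CentralEyes, or from Microsoft) that mints a token with a "consumer" signing key but enterprise claims, then runs it through two verifiers. The naive verifier looks the token's `kid` up in a merged key set and accepts it; the scoped verifier picks the key set from the issuer it expects and rejects the token because the consumer key is simply unknown there. Everything in it is constructed for illustration: the issuer strings, key IDs, audience and secrets are invented, and HMAC-SHA256 stands in for the RSA signatures real MSA and Azure AD tokens carry so the example runs with the standard library only.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed for this example: real MSA/Azure AD keys are RSA (RS256) and are
# published via OpenID discovery. HMAC-SHA256 is used only to avoid dependencies;
# the issuers, key IDs, audience and secrets below are invented.
CONSUMER_ISS = "https://issuer.example/consumer"      # where an MSA-style key is trusted
ENTERPRISE_ISS = "https://issuer.example/enterprise"  # tenant that hosts the mailboxes
AUDIENCE = "mail-api.example"
CONSUMER_KEYS = {"msa-consumer-kid": b"consumer-signing-secret"}
ENTERPRISE_KEYS = {"aad-enterprise-kid": b"enterprise-signing-secret"}
KEYS_BY_ISSUER = {CONSUMER_ISS: CONSUMER_KEYS, ENTERPRISE_ISS: ENTERPRISE_KEYS}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(kid: str, key: bytes, claims: dict) -> str:
    """Sign a JWT with the given key; with a stolen key this is all the attacker needs."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _split(token: str):
    h, p, s = token.split(".")
    return (json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p)),
            (h + "." + p).encode(), _b64url_decode(s))


def _signature_ok(key: bytes, signing_input: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(hmac.new(key, signing_input, hashlib.sha256).digest(), sig)


def verify_naive(token: str, now=None):
    """Flawed verifier: any key from the merged consumer+enterprise set is accepted."""
    header, claims, signing_input, sig = _split(token)
    key = {**CONSUMER_KEYS, **ENTERPRISE_KEYS}.get(header.get("kid"))
    if key is None or not _signature_ok(key, signing_input, sig):
        return None
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return None
    return claims


def verify_scoped(token: str, expected_iss: str, expected_aud: str, now=None):
    """Hardened verifier: the key set is chosen by the issuer we expect, never by the token."""
    header, claims, signing_input, sig = _split(token)
    if header.get("alg") != "HS256":            # refuse alg confusion and "none"
        return None
    if claims.get("iss") != expected_iss or claims.get("aud") != expected_aud:
        return None
    key = KEYS_BY_ISSUER[expected_iss].get(header.get("kid"))  # consumer kid is unknown here
    if key is None or not _signature_ok(key, signing_input, sig):
        return None
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return None
    return claims


def forged_token_outcomes(now: int = 1_700_000_000):
    """Consumer-key signature, enterprise claims. Returns (naive_accepts, scoped_accepts)."""
    forged = mint_token("msa-consumer-kid", CONSUMER_KEYS["msa-consumer-kid"],
                        {"iss": ENTERPRISE_ISS, "aud": AUDIENCE,
                         "sub": "official@agency.example", "exp": now + 3600})
    return (verify_naive(forged, now) is not None,
            verify_scoped(forged, ENTERPRISE_ISS, AUDIENCE, now) is not None)


def legitimate_token_outcomes(now: int = 1_700_000_000):
    """Enterprise-key signature. Returns (accepted_when_valid, accepted_after_expiry)."""
    legit = mint_token("aad-enterprise-kid", ENTERPRISE_KEYS["aad-enterprise-kid"],
                       {"iss": ENTERPRISE_ISS, "aud": AUDIENCE,
                        "sub": "official@agency.example", "exp": now + 3600})
    return (verify_scoped(legit, ENTERPRISE_ISS, AUDIENCE, now) is not None,
            verify_scoped(legit, ENTERPRISE_ISS, AUDIENCE, now + 7200) is not None)


if __name__ == "__main__":
    print("forged token (naive accepts, scoped accepts):", forged_token_outcomes())
    print("legit token  (valid, after expiry):          ", legitimate_token_outcomes())
```

The point of the scoped verifier is that the relying party decides which keys may sign for a given issuer and audience before it ever looks at the token; a key that is valid somewhere else is not "a valid key" here. Replacing the key, as Microsoft did, is the right response to a theft, but scoping is what limits the blast radius while the key is still out.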


The sophistication of this tradecraft is why US officials now regard China as the most technically capable cyber adversary they face. The incident is also a stark reminder of the cybersecurity challenges governments and organizations contend with, and of the need for continuous vigilance and investment rather than point-in-time fixes.

This article is largely based on the original article that first appeared on CentralEyes.

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher and analyst from Scotland, UK. I've had an avid interest in computers, technology and security since my early teens. 20 years on, and it's a whole lot more complicated... I've assisted governments, individuals and organizations throughout the world, including the US DOJ, NHS UK and GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, you'll also find a variety of write-ups, tutorials and much more!
