The hack of Microsoft’s cloud that resulted in government emails being compromised was an example of a traditional espionage threat, a senior National Security Agency official said.
Speaking at the Aspen Security Forum, Rob Joyce, the NSA’s director of cybersecurity, said the United States must protect its networks from such espionage, but that adversaries will continue to try to steal information from each other in secret.
“It’s China doing espionage,” Joyce said. “It’s what nation states do. We must defend against it, we must resist it. But that’s something that happens.”
The hackers took emails from senior State Department officials, including Nicholas Burns, the US ambassador to China. The theft of Mr. Burns’ emails was previously reported by The Wall Street Journal and confirmed by a person familiar with the matter.
Commerce Secretary Gina Raimondo’s emails were also obtained in the hack, which was discovered in June by State Department cybersecurity experts who were searching user logs for unusual activity. Microsoft later determined that Chinese hackers had gained access to email accounts a month earlier.
In a new deal with the Cybersecurity and Infrastructure Security Agency announced on Wednesday, Microsoft agreed to give more users access to cloud computing logs so they can hunt for unusual activity or potential hacks.
Hundreds of thousands of emails have been compromised, but US officials have described the attack as a targeted attack that used a compromised security key to enter selected Microsoft Outlook mailboxes.
Mr Joyce said the attackers could pose as authorization to read those emails.
In addition to Joyce, Microsoft president Brad Smith said the attack demonstrated China’s “growing sophistication”.
But both Mr Joyce and Mr Smith said the hack announced last week was less of a concern than a broader breach Microsoft, the NSA and the Cybersecurity and Infrastructure Security Agency announced in May. That intrusion, which affected networks in Guam and elsewhere, placed malware in critical infrastructure and some unclassified military systems. Such cyberweapons could be used if tensions between the United States and China over Taiwan escalate.
In the hack announced last week, US officials said Secretary of State Antony J. Blinken’s emails were not compromised. In a statement last week, Mr Blinken said the incident is still under investigation.
“Overall, we have consistently made it clear to both China and other countries that any action directed against the US government or US companies, US citizens, is of great concern to us, and we will take appropriate action in response,” Mr Blinken said.
Edward Wong in Washington contributed reporting.
