Chinese hackers tried to break into specific State Department email accounts in the weeks before Secretary of State Antony J. Blinken was due to travel to Beijing in June, U.S. officials said Wednesday.
An investigation into the efforts of Chinese hackers, who are likely affiliated with China’s military or espionage services, is ongoing, US officials said. But US officials have downplayed any notion that the hackers stole sensitive information, insisting that no classified email or cloud systems were breached. The State Department’s cybersecurity team discovered the intrusion first.
Several officials said the attack was aimed at individual email accounts, rather than a large-scale data exfiltration of the kind Chinese hackers are suspected of having carried out previously. Biden administration officials have refused to identify which officials were being targeted by the Chinese hackers.
Microsoft, which disclosed the hack on Tuesday, said that, according to its investigation, the hack started in May and was discovered on June 16, just before Mr. Blinken’s trip to Beijing. He left Washington that evening. The trip was pivotal for both Washington and Beijing: It was the first visit to China by a US secretary of state in five years and was intended to establish high-level channels of communication and improve deteriorating relations. Since then, Treasury Secretary Janet L. Yellen has visited Beijing and John Kerry, the special climate envoy, plans to land there on Sunday for four days of talks.
President Biden and Xi Jinping, the Chinese leader, agreed at a meeting in Bali, Indonesia, last November to try to stabilize relations, but the two nations clashed when the Pentagon discovered and shot down a Chinese spy balloon floating over the continental United States in early February. Mr. Blinken canceled a trip to China during that episode, then publicly accused China a few weeks later of considering sending military aid to Russia for use in Ukraine.
A senior State Department official who spoke on condition of anonymity to discuss the sensitive incident said the hack did not initially appear to be directly related to the trip. Other officials warned that the investigation into what, if any, material was stolen by the hackers was still in its early stages.
In a statement Wednesday, the State Department said that after detecting “anomalous activity,” the government has taken steps to secure the systems and “will continue to closely monitor and respond rapidly to any further activity.”
After the State Department reported the hack to Microsoft, the company discovered that the hackers had also targeted about 25 organizations, including government agencies. Microsoft, which described the attack as hackers going after specific accounts rather than carrying out a wide-ranging intrusion, did not specify how many accounts it believes may have been compromised by Chinese hackers.
The United States and China are locked in an intensifying intelligence competition, with both governments looking to expand their collection on the other. US officials said that while such espionage and hacking are to be expected, they are conducting a robust investigation to shut down both the exploit Chinese hackers used against the State Department and other potential security weaknesses in cloud computing.
The State Department is a frequent target of foreign government hacking. Russian intelligence has repeatedly targeted State Department computer networks. In 2014 and 2015, Russian hackers breached the State Department, the Joint Chiefs of Staff and the White House and other critical but unclassified computer networks.