Hackers hacked into the two officials’ unclassified email accounts, the people said. Both were granted anonymity because they were not authorized to speak publicly about the matter.
Microsoft blamed the espionage on China, but the US government hasn’t officially named a culprit.
The Wall Street Journal was the first to report that hackers gained access to Burns’ and Kritenbrink’s mailboxes. The Washington Post previously reported that Commerce Secretary Gina Raimondo’s email was among those hacked.
Spokespersons for the National Security Council and the Cybersecurity and Infrastructure Security Agency did not respond to a request for comment. A State Department spokesman declined to comment.
It’s unclear what information the hackers got their hands on and how valuable it may have been. But the spy campaign, which began in May, appears to have overlapped with a period of high-stakes diplomacy between the US and China.
During that time, officials reportedly laid the groundwork for Secretary of State Antony Blinken’s mid-June trip to Beijing, along with visits this month by Treasury Secretary Janet Yellen and climate envoy John Kerry.
Security experts argued that the campaign was technically proficient and demonstrates an acceleration in Beijing’s digital espionage capabilities.
« The tactics of Chinese cyber-espionage operators have steadily evolved to become more agile, more stealthy, and more complex to ascribe » over the past decade, researchers at cybersecurity firm Mandiant she wrote in a blog post on Tuesday.
However, the revelations also raise new questions about the scale and severity of the incident and how much of the blame lies with Microsoft.
On Wednesday, Microsoft offered existing customers a set of improved digital forensics tools, following US officials’ frustration that the high price it placed on basic security products had prevented many low-cost victims from detecting the breach.
Some lawmakers argued that even that gesture was too little, too late.
« It’s inconceivable that two years after the SolarWinds hack, Microsoft was still charging federal agencies for critical security features, » said Sen. Ron Widen (D-Hours.) said in a statement. « Our national security depends on making cybersecurity a critical part of the software contracting process. »
Microsoft declined to comment on this story.