Suspected Chinese spies, who read State Department email, also hacked GOP Congressman

WASHINGTON D.C: Suspected Chinese hackers, who forged Microsoft customer identities to read the emails of State Department employees, have hacked into the personal and campaign emails of Don Bacon’s Republican from Nebraska on the House Armed Services Committee. On the social media account, X (formerly known as Twitter), Bacon said on Tuesday, “I thank the FBI for notifying me that the CCP hacked into my personal and campaign emails from May 15th to June 16th of this year. The CCP hackers utilized a vulnerability in the Microsoft software, and this was not due to user error.”

Thus, there were other victims in this cyber operation. The Communist government in China are not our friends and are very active in conducting cyber espionage. I’ll work overtime to ensure Taiwan gets every dollar of the USD 19B in weapons backlog they’ve ordered, and more,” he said in a tweet. Meanwhile, Bacon connected with The Washington Post by a text message saying that he is a big proponent of Taiwan and he suspects that they would like information to embarrass him or to undercut him politically.

A month ago, the US government and private sources told The Washington Post that the Chinese hackers hacked into several accounts including Commerce Secretary Gina Raimondo, unnamed State Department employees, a human rights advocate and think tanks.

They also said that a congressional staffer had been targeted. Bacon told The Post he was notified of the hacking only Monday, which suggests that new victims are still being discovered. The FBI said it would have no comment. Microsoft did not respond to a request for comment.

Officials have described the spying as traditional espionage of the sort expected by all sides. It was about the observation of issues of special concern, such as the US response to escalating tensions between the autonomous island of Taiwan and China, which claims it. But the breach has alarmed experts as it was unclear how the government could have prevented it while relying exclusively on Microsoft for cloud, email and authentication services, as per The Washington Post. Microsoft has said that the hackers obtained powerful signing keys they needed to create verified customer identities that could sidestep multifactor authentication. Combined with other Microsoft failings, millions of people could have been exposed to attack.

Officials have said that only a couple dozen entities were impersonated before the State Department found suspicious behaviour in its activity logs. Microsoft was then able to search its own logs for the master key that the hackers had obtained and block future access. After the hacking issue was exposed, several members of Congress demanded that federal agencies explain how they plan to combat similar attacks in the future and that Microsoft make logs more widely available, which it agreed to do, reported The Washington Post. Senator Ron Wyden (D-Ore.) has gone further, asking the Justice Department and Federal Trade Commission to investigate whether Microsoft’s security practices were so poor as to be in violation of laws or its 20-year-old FTC consent decree requiring better security after the breach of what was then its single sign-on tool for authentication, Passport.

Wyden also urged the Department of Homeland Security to have its two-year-old Cyber Safety Review Board examine the Microsoft cloud breach. Last week, the board said it would take up the task