商务部长吉娜·雷蒙多的据一位熟悉调查的消息人士称,电子邮件被黑客攻击是微软网络入侵的一部分。
据微软称,该公司的Outlook系统遭到了中国黑客的入侵。漏洞是在5月份发现的。
雷蒙多的商务部一直在对中国实施制裁,她在5月会见了中国商务部部长,承诺改善关系。
这不是内阁级秘书的电子邮件第一次被侵入。前代理国土安全部部长查德·沃尔夫的电子邮件在2020年网络安全管理软件产品黑客事件中被泄露,这被广泛认为是美国历史上最严重的违规事件之一。
网络安全管理软件产品是由俄罗斯民族国家演员Nobelium实施的一次黑客攻击,微软在2021年表示.
雷蒙多是迄今为止唯一一位电子邮件遭到黑客攻击的内阁部长。
然而,美国国务院也受到了最近一次网络入侵的影响。
虽然国务院发言人马修·米勒(Matthew Miller)今天在讲台上对此次入侵事件说得不多,但知情官员表示,黑客攻击始于5月,但直到6月中旬才被发现,尽管当月早些时候国务院的电子邮件系统中存在广泛的问题——可能错过了警告信号。
商务部是第二个受到中国黑客攻击微软365的机构。
“微软通知该部门对微软的Office 365系统的妥协,该部门立即采取行动予以回应,”商务部发言人告诉美国广播公司新闻。“我们正在监控我们的系统,如果发现任何进一步的活动,我们将立即做出反应。该部门保持强大的网络安全保护,我们更新这些保护以应对快速发展的网络安全形势。”
在周二晚上发出的一份警报中,微软表示,中国能够获得25个组织的电子邮件数据。
“2023年6月16日,根据客户报告的信息,微软开始对异常邮件活动进行调查,”该警报写道。“在接下来的几周内,我们的调查显示,从2023年5月15日开始,Storm-0558获得了大约25个组织的电子邮件数据,以及少量可能与这些组织有关联的个人的相关消费者帐户。他们通过使用伪造的身份验证令牌来访问用户电子邮件,并使用获得的Microsoft account (MSA)消费者签名密钥来做到这一点。微软已经为所有客户缓解了这种攻击。”
美国联邦调查局(FBI)和网络安全与基础设施安全局(cyber Security and infra structure Security Agency)官员当天早些时候告诉记者,微软“迅速”采取行动,减轻了黑客攻击政府电子邮件造成的损害。
官员们说,这次袭击是有针对性的,持续了大约一个月。
“目标是故意的。这是一次范围有限的攻击,而不是像我们在其他类型的活动中看到的那样,试图危及广泛的组织或账户,”这位CISA官员说。
根据微软的说法,入侵电子邮件的对手是中国,但官员们没有给出任何美国政府的归属。
“由于微软阐明了从第一次已知入侵到微软补救该攻击媒介的时间大约为一个月,这并不意味着所有受害者的入侵持续时间为一个月。我们确实知道,有些不到一个月,有些是几天,”一名CISA高级官员说。
这位CISA官员说,在袭击中没有任何机密被泄露。
CISA和联邦调查局在周三的一份警告中详细说明了中国是如何实施攻击的。
“微软确定APT actors从少数账户中访问并泄露了非机密的Exchange Online Outlook数据,”该警告称。“APT参与者使用微软帐户(MSA)消费者密钥来伪造令牌,以冒充消费者和企业用户。Microsoft通过首先阻止使用获取的密钥颁发的令牌,然后替换密钥以防止继续误用来解决该问题。
周四,中国外交部发言人王文斌被问及微软声称中国是黑客攻击的幕后黑手。他没有回应这一说法,而是回应称美国是“世界上最大的黑客帝国和全球网络窃贼”。
Commerce Secretary Gina Raimondo's emails hacked in Microsoft cyber breach: Source
Commerce Secretary Gina Raimondo's emails were hacked as part of the Microsoft cyber breach, according to a source familiar with the investigation.
Microsoft's Outlook systems were breached by Chinese hackers, according to the company. The breach was discovered in May.
Raimondo’s Commerce Department has been imposing sanctions on China, and she met with her Chinese counterpart in May, promising better relations.
This isn't the first time a cabinet-level secretary's emails were breached. The emails of former Acting Secretary of Homeland Security Chad Wolf were compromised during the SolarWinds hack of 2020, which is widely considered one of the worst breaches in U.S. history.
SolarWinds was a hack that was carried out by the Russian nation-state actor Nobelium, Microsoft said in 2021.
Raimondo is the only cabinet secretary so far to have their emails hacked in this particular breach.
The State Department, though, was also impacted by the latest cyber breach.
While State Department spokesperson Matthew Miller could say little more about the breach from the podium today, officials familiar with the matter say the hack began in May but was not identified until mid-June, even though there were widespread issues within the department’s email systems earlier that month -- potentially missed warning signs.
The Department of Commerce is the second agency impacted by the Microsoft 365 hack by the Chinese hackers.
“Microsoft notified the Department of a compromise to Microsoft’s Office 365 system, and the Department took immediate action to respond,” a commerce department spokesperson told ABC News. “We are monitoring our systems and will respond promptly should any further activity be detected. The Department maintains strong cyber security protections, which we update to address a rapidly evolving cyber security landscape.”
In an alert sent Tuesday night, Microsoft said China was able to gain email data from 25 organizations.
"On June 16, 2023, based on customer reported information, Microsoft began an investigation into anomalous mail activity," the alert read. "Over the next few weeks, our investigation revealed that beginning on May 15, 2023, Storm-0558 gained access to email data from approximately 25 organizations, and a small number of related consumer accounts of individuals likely associated with these organizations. They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key. Microsoft has completed mitigation of this attack for all customers."
FBI and Cybersecurity and Infrastructure Security Agency officials told reporters earlier in the day that Microsoft acted “swiftly” to mitigate the damage done by the hacking of government emails.
The attack, officials said, was targeted and lasted for about a month.
“The targeting was intentional. This was an attack that was limited in scope and was not an attempt to compromise a broad array of organizations or accounts, as we have seen in other types of campaigns,” the CISA official said.
The adversary that hacked the emails is China, according to Microsoft, but officials did not give any U.S. government attribution.
“As Microsoft has articulated the timeline from the first known intrusion to the time when Microsoft remediated this attack vector was approximately one month, that does not mean that the duration of the intrusion for all victims was one month. And we do understand that some were shorter than one month, in some cases a number of days,” a senior CISA official said.
The CISA official said there was nothing classified that was compromised during the attack.
CISA and the FBI went into detail about how the Chinese carried out the attack in an alert on Wednesday.
“Microsoft determined that APT actors accessed and exfiltrated unclassified Exchange Online Outlook data from a small number of accounts,” the alert read. “The APT actors used a Microsoft account (MSA) consumer key to forge tokens to impersonate consumer and enterprise users. Microsoft remediated the issue by first blocking tokens issued with the acquired key and then replacing the key to prevent continued misuse.”
On Thursday, China’s Foreign Ministry spokesperson Wang Wenbin was asked about Microsoft’s claims that China is behind the hacking. He did not address the claim, but instead responded by claiming the U.S. is “the world’s biggest hacking empire and global cyber thief.”
