A laptop showing lots of email notifications

(Image credit: Shutterstock)

When the Storm-0558 Chinese hackers breached Microsoft’s cloud-based Exchange email platform last May, they stole 60,000 unclassified emails from the employees of the US State Department.

The breach was confirmed at a recently held Senate staff briefing which added the compromised personnel were located in East Asia, the Pacific, and Europe, and focused mostly on Indo-Pacific diplomacy work. The threat actors also found a list of all the email accounts of the department. 

“We need to harden our defenses against these types of cyberattacks and intrusions in the future, and we need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point,” Senator Eric Schmitt said in a statement.

Espionage and data theft

In a media conference, State Department spokesperson Matthew Miller stressed that classified systems were not breached. Discussing the attackers, it was said that the State Department would confirm Microsoft’s earlier conclusions that Storm-0558 was behind the intrusion.

“We have not made an attribution at this point, but, as I said before, we have no reason to doubt the attribution that Microsoft has made publicly. Again this was a hack of Microsoft systems that the State Department uncovered and notified Microsoft about.”

When the news of the hack first broke in mid-July 2023, it was reported that hackers gained access to some 25 accounts belonging to U.S. government employees. It was the State Department that tipped Microsoft off on the breach, and the software giant took a few weeks to discover exactly how the hackers obtained a consumer key that was necessary to pull the hack off. 

Storm-0558 is a threat actor usually focused on espionage, data theft, and credential access, against entities in Western Europe.

Via BleepingComputer

More from TechRadar Pro

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

[ For more curated tech news, check out the main news page here]

The post Chinese hackers stole 60,000 US government emails in Microsoft breach first appeared on

New reasons to get excited everyday.

Get the latest tech news delivered right in your mailbox

You may also like

Notify of
Inline Feedbacks
View all comments

More in Tech News