Updates to our Terms of Use

We are updating our Terms of Use. Please carefully review the updated Terms before proceeding to our website.

Wednesday, April 23, 2025

View Back issues

State Department hacked by China-based group

More than two dozen entities were infiltrated in May and June.

WASHINGTON (CN) — The State Department is among more than two dozen entities in the U.S. and Western Europe that were infiltrated by China-based hackers in May and June.

The State Department confirmed Wednesday that it reported the hack to Microsoft in June.

State Department spokesperson Matthew Miller said officials detected “anomalous activity” but haven’t made a public determination of the hackers.

“We took immediate steps to secure our systems and took immediate steps to notify Microsoft of the event,” he said at a briefing Wednesday.

While Miller did not confirm the culprit, Microsoft said it was a “China-based threat actor” called Storm-0558, which “primarily targets government agencies in Western Europe and focuses on espionage, data theft and credential access.”

Senator Mark Warner, chair of the Senate Intelligence Committee, said the hack was a “significant cybersecurity breach” attributed to “Chinese intelligence.”

“It’s clear that the [People’s Republic of China] is steadily improving its cyber collection capabilities directed against the U.S. and our allies,” the Virginia Democrat said in a statement. “Close coordination between the U.S. government and the private sector will be critical to countering this threat.”

Miller wouldn’t provide specifics on the breach, but broadly described “anomalous activity” as “activity in which an actor is attempting to or successful in breaching our systems.” He would not say if the hackers were successful, but a Microsoft press release said the hacker “gained access to email accounts.”

Microsoft determined Storm-0558 the breaches started on May 15, but weren’t reported until June 16. The report came in shortly before Secretary of State Antony Blinken traveled to Beijing to meet with Chinese President Xi Jinping on June 18.

The Cybersecurity and Infrastructure Security Agency didn’t identify which entitles had been affected, but said data was stolen only “from a small number of accounts.”

The hack came shortly after Microsoft warned that a different hacking entity, which it defined as sponsored by the Chinese government, had attacked “critical” cybersecurity infrastructure.

Senator Marco Rubio, vice chair of the Senate Intelligence Committee, used the hack as evidence that China “is an increasingly aggressive bad actor.”

“The U.S. must be clear eyed to the threat,” the Florida Republican wrote on Twitter. “We also need to work closely with the private sector and our allies in defending against Chinese cyber espionage and attack capabilities worldwide.”

Categories / Government, International, Technology

Subscribe to our free newsletters

Our weekly newsletter Closing Arguments offers the latest about ongoing trials, major litigation and rulings in courthouses around the U.S. and the world, while the monthly Under the Lights dishes the legal dirt from Hollywood, sports, Big Tech and the arts.

Loading...