Mandel Ngan/AFP/Getty Images
Nicholas Burns testifies before the Senate Foreign Relations Committee confirmation hearing on his nomination to be Ambassador to China, on Capitol Hill in Washington, DC, on October 20, 2021.
China-based hackers breached the email account of US Ambassador to China Nicholas Burns as part of a recent targeted intelligence-gathering campaign, three US officials familiar with the matter told CNN.
The hackers also accessed the email account of Daniel Kritenbrink, the assistant secretary of State for East Asia, who recently traveled with Secretary of State Antony Blinken to China, the people said.
The news, first reported by the Wall Street Journal, adds to the fallout for the US of the alleged Chinese hack first revealed last week. The hackers also infiltrated the emails of Commerce Secretary Gina Raimondo, CNN previously reported.
US officials have consistently labeled China as the most advanced of US adversaries in cyberspace, a domain that has repeatedly been a source of bilateral tension in recent years. The FBI has said Beijing has a larger hacking program than all other governments combined.
The hackers breached the unclassified US government email system, and US officials generally operate with the assumption that anything on the unclassified network can be hacked. Still, the Biden administration believes that the Chinese hacking operation gave Beijing insights about US thinking heading into Blinken’s high-stakes trip to China in June, CNN has reported.
Blinken raised the issue of the hacking incident in a meeting with top Chinese diplomat Wang Yi last week, a senior State Department official said.
Last week when Blinken was asked about the hack – before it was reported that Burns and Kritenbrink emails’ had been accessed – he would not say how the United States intends to respond.
“I can’t discuss details of our response. Beyond that, and most critically, this incident remains under investigation,” Blinken said at a news conference in Jakarta, Indonesia.
In response to Microsoft’s assessment that China-based hackers were behind the activity, the Chinese foreign ministry accused Washington of conducting its own hacking operations.
The hacking began in mid-May, when the China-based hackers used a stolen sign-in key to burrow their way into email accounts, according to Microsoft.
The hackers had a month head start on US government responders. A State Department analyst in mid-June noticed unusual cyber activity on the department’s computer systems and alerted Microsoft to the issue, according to multiple sources.
Senior cyber officials at the State Department and the US Cybersecurity and Infrastructure Security Agency (CISA) raced to figure out how serious the breach was.
“We don’t know exactly what’s going on, but we know there’s a problem,” one US official told CNN, summarizing how the State Department sounded the alarm to other agencies.
Eric Goldstein, a senior CISA official, told CNN he fielded calls about the hack while on a weekend getaway out of Washington with his children.
“The critical work that [the State Department does] conduct on behalf of the American people” made it important to understand how serious the hack was, Goldstein said.
CISA’s engineers used a simulation lab to test different theories of how the hackers might have gotten into the State Department email accounts, he told CNN.
The fact that US officials and Microsoft analysts initially had trouble identifying how the hackers got into the email accounts told US officials they were dealing with a sophisticated hacking team, the other US official told CNN.