By David Shepardson and Christopher Bing
WASHINGTON (Reuters) – U.S. Commerce Department Secretary Gina Raimondo was among a group of senior U.S. officials whose emails were hacked earlier this year by a group Microsoft says is based in China, according to a person briefed on the matter, as fallout from the digital theft continues to spread.
Secretary of State Antony Blinken made clear to China’s top diplomat Wang Yi in a meeting in Jakarta on Thursday that any action that targets the U.S. government, U.S. companies or American citizens “is of deep concern to us, and that we will take appropriate action to hold those responsible accountable,” said another source, a senior State Department official.
On Tuesday, Microsoft revealed that a stealthy Chinese hacking operation had exploited a secret flaw in a piece of the company’s authentication software in order to covertly break into email accounts belonging to 25 unnamed organizations.
Since the news broke, several victims in addition to the Commerce Department have acknowledged they were affected, including personnel at the State Department and U.S. House of Representatives. The intrusion activity began in May and continued for roughly one month.
The Chinese Ministry of Foreign Affairs called the accusations “disinformation” in a statement to Reuters earlier this week.
Raimondo’s department has implemented a series of export control policies against China, curbing the transfer of semiconductors and other sensitive technologies.
A Commerce Department spokesperson said on Wednesday that Microsoft had notified the agency of “a compromise to Microsoft’s Office 365 system, and the Department took immediate action to respond.” But the spokesperson declined to comment on an intrusion against Raimondo specifically.
A report by the U.S. inspector general’s office in March sharply criticized the Commerce Department’s “fundamental deficiencies” in its cybersecurity incident response program, saying it violated security procotols, did not properly use cyber-protection tools and poorly handled simulated cyberattacks.
A senior FBI official said on Wednesday that no classified information was taken during the hacking operation. The hacking was highly targeted, accessing only email inboxes and not destroying data.
(Reporting by David Shepardson, Christopher Bing and Simon Lewis in Washington; Editing by Matthew Lewis)