The Chinese hackers who breached senior US officials’ emails in May and June were able to do so by first stealing sensitive data from a Microsoft engineer, the company revealed Wednesday.

Multiple mishaps, including the crash of an internal Microsoft system in April 2021 and the hack of the engineer, gave the Chinese hackers coveted access to a cryptographic key that was later used to break into the US officials’ email accounts, the tech giant said in a blog post.

The statement sheds new light on a cyber-espionage campaign that has caused a furor in Washington. The hackers had breached the email accounts of US Ambassador to China Nicholas Burns and Commerce Secretary Gina Raimondo, in advance of Raimondo’s trip to China.

  • @WhatAmLemmy
    link
    English
    251 year ago

    This is why zero knowledge/access E2E encryption should be standard for most systems, especially those that store PII and comms.