The House Committee on Oversight and Accountability is investigating how the State and Commerce departments responded to a cyberattack that successfully gained access to unclassified government email accounts of top-level officials.
Congress has launched an investigation into recent cyber espionage campaigns allegedly linked to China that led to the successful breach of several government email accounts within the State and Commerce departments.
In separate letters sent Wednesday to Commerce Secretary Gina Raimondo and Secretary of State Antony Blinken, Republican leaders of the House Committee on Oversight and Accountability requested briefings from both officials on the discovery, impact and response to the intrusions.
A senior Cybersecurity and Infrastructure Security Agency official described the cyberattacks as a "surgical campaign" on a phone call with reporters in July after news of the breach was first reported.
Microsoft previously released a report that said a China-based cybercriminal gained access to an unspecified number of unclassified government email accounts through forged authentication tokens and a flaw in its cloud-computing environment that has since been patched.
The letters note that the breach began on May 15 "and operated in stealth for more than a month" before Microsoft began its own investigation into the espionage campaign.
"China appears to be graduating from 'smash and grab heists' that used to be 'noisy' and 'rudimentary' to a level described by security experts as 'among the most technically sophisticated and stealthy ever discovered,'" the letters said. "The incident even raises the possibility that Chinese hackers may be able to access high-level computer networks and remain undetected for months if not years."
State Department spokesperson Matthew Miller told reporters last month that the agency "took immediate steps to secure our systems" and notified Microsoft of the breach, though he declined to specify the exact date that the intrusion was detected. Miller also declined to indicate whether the breach was connected with Secretary Blinken's recent trip to China.
The intrusions have been associated with a China-based actor known as Storm-0558. According to Microsoft, the cyberattack successfully gained access to email accounts at approximately 25 separate organizations through the company's Outlook Web Access in Exchange Online and Outlook.com.
"This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems," Microsoft said in an announcement about the hack.
The letters also note that the hack further underscores a warning about China included in the National Cybersecurity Strategy released earlier this year, which calls the country "the broadest, most active, and most persistent threat to both government and private sector networks."
Separately, Sen. Ron Wyden, D-Ore, wrote to the heads of the Department of Justice, the Federal Trade Commission and CISA on July 27 to request a probe into Microsoft's cybersecurity practices that, he says, facilitated the espionage campaign.
"This is not the first espionage operation in which a foreign government hacked the emails of United States government agencies by stealing encryption keys and forging Microsoft credentials," Wyden noted in his letter. The lawmaker detailed multiple problems with the company's methods of securing encryption keys and said, "that these flaws were not detected raises questions about what other serious cybersecurity defects these auditors also missed."
A spokesperson for Wyden told Nextgov/FCW on Monday that the three agencies had yet to respond to the senator's letter.