The Biden administration believes that a Chinese hacking operation which breached US government email systems, including the State Department, gave the Chinese government insights about US thinking heading into Secretary of State Antony Blinken’s trip to Beijing in June, according to two US officials.
The hack – which Microsoft said was launched in mid-May – was discovered by the State Department right around the time of Blinken’s visit to Beijing, officials said. But it was not immediately clear that China was behind it and it was not widely known about within the department, they said.
The news that the hack allowed China to access information ahead of a crucial visit that US officials hoped would start a reset of relations after months of tensions underlines the complexities of modern diplomacy but it’s unlikely to shock US officials who are well aware that two major global powers spy on each other’s communications.
On Friday, Blinken would not say how the United States intends to respond to China’s hacking operation.
“I can’t discuss details of our response. Beyond that, and most critically, this incident remains under investigation,” Blinken said at a news conference in Jakarta, Indonesia.
“As a general matter, we have consistently made clear to China as well as to other countries, that any action that targets US government or US companies, American citizens is of deep concern to us, and we will take appropriate action in response,” Blinken added.
US officials have consistently labeled China as the most advanced of US adversaries in cyberspace, a domain that has repeatedly been a source of bilateral tension in recent years. The FBI has said Beijing has a larger hacking program than all other governments combined.
China has routinely denied the allegations.
China has long accused US intelligence agencies of conducting their own cyber-espionage against Chinese assets. Classified US documents leaked by former National Security Agency contractor Edward Snowden a decade ago claim that the NSA made extensive efforts to infiltrate Chinese telecom company Huawei’s equipment to spy on intelligence targets.
Microsoft Executive Vice President Charlie Bell said that the company began investigating after customer reports came into the company on June 16 – the same day that Blinken departed the US for his trip to Beijing.
The amount that China was able to learn from the hack was limited because it only breached an unclassified system, and US officials generally operate with the assumption that anything on the unclassified systems can be hacked. Still, it provided the Chinese government with additional knowledge from the private discussions of US officials heading into Blinken’s visit.
Another target of the hack, Commerce Secretary Gina Raimondo is also expected to soon visit China.
The State Department did not immediately respond to a request for comment.
Blinken “raised” the issue of the hack in a meeting with top Chinese official Wang Yi in Indonesia on Thursday, a senior State Department official said.
“He made clear that any action that targets US government, US companies, US citizens is a big concern and we’ll respond appropriately,” the official told press traveling with Blinken.
The official said they would not “get into the specifics” of the extent to which the hack was raised in Blinken’s meeting with Wang, nor would they characterize the US or Chinese response.
“We have consistently made clear that any action that targets US government, US companies, American citizens, is a deep concern to us and that we will take appropriate action to hold those responsible accountable and the secretary made that clear again tonight,” the official said.
On Wednesday State Department Spokesperson Matt Miller said that the department had “detected anomalous activity” in June. He said the department immediately took steps to secure the system and notify Microsoft of the event.
“As a matter of cybersecurity policy, we do not discuss the details of our response. The incident remains under investigation, and we continuously monitor our networks and update our security procedures,” Miller added.