China successfully accessed US ambassador Nicholas Burns’s emails in ‘sophisticated’ hacking attack

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

China-based hackers reportedly accessed US ambassador Nicholas Burns's email account in a sophisticated espionage operation that is believed to have compromised thousands of American government emails.

The hackers were also able to access the email account of Daniel Kritenbrink, the assistant secretary of state for East Asia, the Wall Street Journal reported, citing people familiar with the matter.

The Joe Biden administration last week admitted the email account of the commerce secretary Gina Raimondo had also been compromised. However, the State Department has refused to share additional information, citing "security reasons".

The alleged Chinese hackers have since May secretly accessed email accounts at around 25 organisations, including US government agencies, Microsoft and US officials have said.

Mr Kritenbrink was previously asked at a congressional hearing on US-China policy whether he could rule out that his or his staff's emails were targeted in the hack.

He then said he couldn't comment on "an investigation that's underway being conducted by the FBI" but "will not rule it out".

The Chinese government has repeatedly denied any form of state-sponsored hacking, alleging that Beijing itself was a frequent target of cyberattacks.

"China firmly opposes and combats cyber attacks and cyber theft in all forms. This position is consistent and clear," Liu Pengyu, spokesperson for China's embassy in Washington, told Reuters.

"Identifying the source of cyber attacks is a complex technical issue. We hope that relevant sides will adopt a professional and responsible attitude ... rather than make groundless speculations and allegations."

Microsoft claimed that Chinese hackers, which it identified as Storm-0558, misappropriated one of its digital keys and used a flaw in its code to steal emails of US government officials and other clients.

The company in a statement on Thursday said it was taking the criticism on board.

The White House last week said an intrusion in Microsoft's cloud security "affected unclassified systems," without elaborating. "Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service," National Security Council spokesperson Adam Hodge said.

The hacking row was reportedly raised by secretary of state Antony Blinken during a meeting with top Chinese diplomat Wang Yi last week.

“I can’t discuss details of our response. Beyond that, and most critically, this incident remains under investigation,” Mr Blinken said at a news conference in Jakarta.

Last month, Google-owned cybersecurity firm Mandiant said suspected state-backed Chinese hackers broke into the networks of hundreds of public and private sector organizations globally by using a security hole in a popular email security tool.

The attack exploited a vulnerability in a Barracuda Networks email system and targeted foreign ministries in Southeast Asia, other government agencies, trade offices and academic organizations in Taiwan and Hong Kong, according to Mandiant.