Chinese hackers tried to penetrate specific State Department email accounts in the weeks before Secretary of State Antony J. Blinken traveled to Beijing in June, U.S. officials said on Wednesday.
The investigation of the efforts by the Chinese hackers, who likely are affiliated with China’s military or spy services, is ongoing, American officials said. But U.S. officials have downplayed the idea that the hackers stole sensitive information, insisting that no classified email or cloud systems were penetrated. The State Department’s cybersecurity team first discovered the intrusion.
Multiple officials said the attack targeted individual email accounts, rather than being a large-scale exfiltration of data, which Chinese hackers are suspected of having done before. Biden administration officials declined to identify which officials had been targeted by the Chinese hackers.
Microsoft, which disclosed the hack on Tuesday, said its investigation found that the hack began in May and was discovered on June 16, just ahead of Mr. Blinken’s trip to Beijing. He departed from Washington that evening. The trip was critical for both Washington and Beijing: It was the first visit to China by a U.S. secretary of state in five years and was aimed at establishing high-level channels of communication and improving deteriorating relations. Since then, Treasury Secretary Janet L. Yellen has visited Beijing, and John Kerry, the special climate envoy, plans to land there on Sunday for four days of talks.
President Biden and Xi Jinping, China’s leader, agreed in a meeting in Bali, Indonesia, last November to try to stabilize relations, but the two nations clashed when the Pentagon discovered and shot down a Chinese spy balloon that was floating over the continental United States in early February. Mr. Blinken canceled a trip to China during that episode, then publicly accused China a few weeks later of considering sending military aid to Russia for use in Ukraine.
One senior State Department official who spoke on the condition of anonymity to discuss the sensitive incident said the hack did not initially appear to be directly related to the trip. Other officials cautioned that the investigation into what material, if any, was stolen by the hackers was still in the early stages.
In a statement on Wednesday, the State Department said that after detecting “anomalous activity” the government took steps to secure the systems and “will continue to closely monitor and quickly respond to any further activity.”
After the State Department reported the hack to Microsoft, the company found that the hackers had also targeted some 25 organizations, including government agencies. Microsoft, which described the attack as hackers going after specific accounts rather than carrying out a broad-brush intrusion, did not say how many accounts it believes might have been compromised by the Chinese hackers.
The United States and China are locked in an intensifying intelligence competition, with both governments trying to expand their collection on the other. U.S. officials said that while such espionage and hacking are to be expected, they are conducting a robust investigation to close both the exploit the Chinese hackers used against the State Department and other potential security weaknesses in cloud computing.
The State Department is a frequent target of foreign government hacking. Russian intelligence has taken repeated aim at State Department computer networks. In 2014 and 2015, Russian hackers breached the State Department, the Joint Chiefs of Staff, the White House and other critical, but unclassified, computer networks.