Chinese hackers tried to break into specific State Department email accounts in the weeks before Secretary of State Antony J. Blinken traveled to Beijing in June, US officials said on Wednesday.
The investigation into the efforts of the Chinese hackers, who are believed to be affiliated with China’s military or intelligence services, is ongoing, US officials said. But US officials played down the idea that the hackers stole sensitive information, insisting that no confidential emails or cloud systems had been penetrated. The State Department’s cybersecurity team first discovered the intrusion.
Multiple officials said the attack was aimed at individual email accounts, rather than large-scale exfiltration of data, which Chinese hackers are suspected of having carried out in the past. Biden administration officials declined to identify which officials were targeted by the Chinese hackers.
Microsoft, which disclosed the hack on Tuesday, said the hack began in May, according to its investigation, and was discovered on June 16, just before Mr. Blinken’s trip to Beijing. He left Washington that evening. The trip was critical for both Washington and Beijing: It was the first visit to China by an American secretary of state in five years and was aimed at establishing high-level channels of communication and improving deteriorating relations. Since then, Treasury Secretary Janet L. Yellen has visited Beijing, and John Kerry, the special climate envoy, plans to land there on Sunday for four days of talks.
President Biden and Xi Jinping, leader of China, agreed in a meeting in Bali, Indonesia, last November to try to stabilize relationships, but the two nations clashed when the Pentagon discovered and shot down a Chinese spy balloon that floated over the continental United States in early February. Mr. Blinken canceled a trip to China during that episode, then publicly accused China a few weeks later of considering sending military aid to Russia for use in Ukraine.
One senior State Department official, who spoke on condition of anonymity to discuss the sensitive incident, said the hack did not initially appear to be directly related to the trip. Other officials cautioned that the investigation into what, if any, material was stolen by the hackers is still in the early stages.
In a statement on Wednesday, the State Department said that after detecting “abnormal activity,” the government took steps to secure the systems and “will continue to closely monitor and rapidly respond to any additional activity.”
After the State Department reported the hack to Microsoft, the company found that the hackers also targeted about 25 organizations, including government agencies. Microsoft, which described the attack as hackers targeting specific accounts rather than carrying out a broad intrusion, did not say how many accounts it believes may have been compromised by the Chinese hackers.
The United States and China are locked in an intensifying intelligence competition, with both governments trying to expand their collection on the other. US officials said that while such spying and hacking are expected, they are conducting a robust investigation to close down both the exploit the Chinese hackers used against the State Department and other potential security weaknesses in cloud computing.
The State Department is a frequent target of foreign government hacking. Russian intelligence has repeatedly targeted State Department computer networks. In 2014 and 2015, Russian hackers breached the State Department, the Joint Chiefs of Staff, the White House and other critical, but non-secret, computer networks.