The hack of Microsoft’s cloud that resulted in the compromise of government emails was an example of a traditional intelligence threat, a senior National Security Agency official said.
Speaking at the Aspen Security Forum, Rob Joyce, the director of cybersecurity at the NSA, said the United States needs to protect its networks against such spying, but that adversaries will continue to try to secretly extract information from each other.
“China is doing espionage,” Mr Joyce said. “It’s what nation-states do. We have to defend against it, we have to push back against it. But that’s something that happens.”
The hackers took emails from senior State Department officials including Nicholas Burns, the US ambassador to China. The theft of Mr. Burns’ emails was earlier reported by The Wall Street Journal and confirmed by a person familiar with the matter.
Commerce Secretary Gina Raimondo’s emails were also obtained in the hack, which was discovered in June by State Department cybersecurity experts scouring user logs for unusual activity. Microsoft later determined that Chinese hackers had gained access to email accounts a month earlier.
In a new deal with the Cybersecurity and Infrastructure Security Agency announced Wednesday, Microsoft agreed to give access to cloud computing logs to more users so they can hunt for unusual activity or potential hacks.
Hundreds of thousands of emails were compromised, but US officials described the attack as targeted, which used a compromised security key to penetrate selected Microsoft Outlook mailboxes.
Mr Joyce said the attackers were able to impersonate authorization to read those emails.
Speaking alongside Mr Joyce, Microsoft chairman Brad Smith said the attack showed China’s “growing sophistication”.
But both Mr Joyce and Mr Smith said the hack announced last week was less worrying than a wider breach that Microsoft, the NSA and the Cybersecurity and Infrastructure Agency announced in May. In that intrusion, which affected networks in Guam and elsewhere, malware was placed inside critical infrastructure and some unclassified military systems. Such cyber weapons could be used if there is tension between the US and China over Taiwan.
In the hack announced last week, US officials said Secretary of State Antony J. Blinken’s emails were not compromised. In a statement last week, Mr Blinken said the incident remained under investigation.
“As a general matter, we have consistently made it clear to China as well as other countries that any action that targets the US government or US companies, US citizens, is of great concern to us, and we will take appropriate action in response,” Mr Blinken said.
Edward Wong in Washington contributed reporting.