Chinese Hackers Stole 60,000 State Dept. Emails in Breach Reported in July

The hackers used one stolen Microsoft certificate to penetrate the State Department email accounts, Biden administration officials told Senate staff members, and that token was used to hack 25 organizations and government agencies.

It is not yet clear what the substance of the emails was. U.S. officials have downplayed the notion that sensitive information could have been caught up in the hack, arguing that it had not compromised classified email accounts. The breaches took place in the weeks before Secretary of State Antony J. Blinken traveled to China. He was the first of a series of cabinet officials to make the trip as part of the Biden administration’s efforts to smooth over frayed diplomatic ties between Washington and Beijing, while at the same time imposing restrictions on investments Americans can make in certain Chinese sectors.

Mr. Schmitt said in a statement that the government’s reliance on lone vendors to facilitate systems — in this case, Microsoft — created unacceptable vulnerabilities in the system. He has pushed for the Defense Department to scrutinize its own reliance on similar single-vendor systems.

“We need to harden our defenses against these types of cyberattacks and intrusions in the future, and we need to take a hard look at the federal government’s reliance on a single vendor as a potential weak point,” Mr. Schmitt said in the statement, promising to press officials “for more answers to ensure China and other nefarious actors do not gain access to the federal government’s most sensitive information.”