Hagerty, Schmitt, Colleagues Demand Answers Regarding China’s Hack of State Department Email Server

July 26, 2023

WASHINGTON—United States Senator Bill Hagerty (R-TN), a member of the Senate Foreign Relations Committee, today joined Senator Eric Schmitt (R-MO), along with twelve other Senate colleagues, in sending a letter to State Department Chief Information Officer Kelly Fletcher to find out the extent of the People’s Republic of China’s (PRC’s) recent breach of the Department’s unclassified email server preceding Secretary Antony Blinken’s trip to China.

“Safeguarding our national security and domestic secrets from foreign adversaries is the utmost priority for our government. We were recently made aware that senior officials within the U.S. Department of State and various other Departments were victims of a People’s Republic of China (PRC)-backed cyber-attack, which resulted in compromised email accounts. It was reported that Chinese cyber-spies exploited a fundamental gap in the State Department’s cloud-based security architecture that provided broad access to sensitive electronic communications between senior officials,” the Senators wrote.

“Cyber-espionage originating from China has increased significantly, and will continue to do so. U.S. federal agencies must take the necessary steps to secure their networks and better mitigate against attacks,” the Senators continued. “As the United States Senate continues to evaluate legislation and proposals which shore up both immediate and long-term threats across U.S. government information systems, timely information related to the recent cyber-intrusions into the State Department’s network is critical.”

Background:

  • In recent years, China has committed increasingly brazen and frequent acts of cyber-espionage. The Chinese government is singularly focused on using its advanced hacking program to acquire sensitive information, especially from the United States.
  • Using a blend of state and non-state actors, China has sought to gain access to information systems across the U.S. Federal Government. Cyber-espionage originating from China has increased significantly, and will continue to do so.
  • The letter seeks information related to how we can empower agencies to protect federal information systems, chiefly, unclassified email systems such as Microsoft Outlook. 
  • With a significant increase in cyber-espionage incidents, information received from the State Department would allow government offices to make well-informed policy decisions around more resilient unclassified email systems that can stand up to adversarial cyber-espionage operations.

A copy of the letter can be found here and below.

Dr. Fletcher,

Safeguarding our national security and domestic secrets from foreign adversaries is the utmost priority for our government. We were recently made aware that senior officials within the U.S. Department of State and various other Departments were victims of a People’s Republic of China (PRC)-backed cyber-attack, which resulted in compromised email accounts. It was reported that Chinese cyber-spies exploited a fundamental gap in the State Department’s cloud-based security architecture that provided broad access to sensitive electronic communications between senior officials.

In recent years, China has committed increasingly brazen and frequent acts of cyber-espionage. The PRC is singularly focused on using its advanced hacking program to acquire sensitive information, especially from the United States. Using a blend of state and non-state actors, China has sought to gain access to information systems across the U.S. Federal Government. Cyber-espionage originating from China has increased significantly, and will continue to do so. U.S. federal agencies must take the necessary steps to secure their networks and better mitigate against attacks. It is crucial those in the executive, federal, and legislative branch are confident the only people reading their emails are the intended recipients—not our adversaries.

As the United States Senate continues to evaluate legislation and proposals which shore up both immediate and long-term threats across U.S. government information systems, timely information related to the recent cyber-intrusions into the State Department’s network is critical. We request accurate information from your Department related to the cyber-espionage operations purportedly conducted by China’s state-sponsored cyber-espionage group, Storm-0558, against State Department Information Systems. Please address the following questions in a closed, unclassified briefing available to members and their staff:

1. Which State Department officials were compromised during Storm-0558’s cyber-espionage campaign?

2. We are told the State Department discovered the cyber-espionage operation as a result of a gap in the cloud-based security provider’s security architecture. After notifying the cloud-based security provider of the breach, when was a security patch provided to mitigate ongoing and future attacks?

3. What steps are you taking to ensure future sophisticated attacks are mitigated? Do you anticipate needing additional tools to support this effort?

4. How will this recent cyber-intrusion shape the State Department’s potential $10 billion Evolve IT initiative? How will you ensure a more robust, layered cybersecurity architecture that includes multiple cybersecurity vendors for unclassified email?

The response to these questions should be provided no later than September 6, 2023.

Sincerely,

###