The China-linked hack of the Biden administration victimizing Microsoft customers has spread to Congress.
Rep. Don Bacon, Nebraska Republican, said he learned from the FBI that his emails were breached by China-linked hackers.
Investigators say the cyberattackers stole email data from federal officials, including those in the Commerce and State departments.
Mr. Bacon, a member of the House Armed Services Committee, disclosed the breach of his emails on X, the social media site formerly called Twitter.
“I thank the FBI for notifying me that the CCP hacked into my personal and campaign emails from May 15th to June 16th of this year,” Mr. Bacon said Monday. “The CCP hackers utilized a vulnerability in the Microsoft software, and this was not due to ’user error.’”
Microsoft previously said 25 organizations were known to have been affected in the hack conducted by the China-based group Storm-0558, according to Charlie Bell, Microsoft’s executive vice president of security, in July.
SEE ALSO: Microsoft says China hacked emails; Biden administration investigating the fallout
Microsoft said it traced the hacking campaign to May, began investigating in June and published a blog post in July saying it mitigated the threat for all customers.
Mr. Bacon’s disclosure of the breach of his emails reveals the scope of the hacking is broader than previously known.
“Thus, there were other victims in this cyber operation,” Mr. Bacon said on X. “The Communist government in China are not our friends and are very active in conducting cyber espionage. I’ll work overtime to ensure Taiwan gets every $ of the $19B in weapons backlog they’ve ordered, and more.”
The compromise of Mr. Bacon’s emails stands in contrast to the impression created by Microsoft and the Biden administration that the hack was contained.
The Microsoft Security Response Center said in July that if people had not heard from Microsoft, then the company had determined they were not affected.
National Security Adviser Jake Sullivan said in July that the Biden administration was working with Microsoft, rapidly detected the problem and prevented further breaches.
Congress wants answers about the full extent of the breaches. House Oversight and Accountability Committee lawmakers are investigating the China-linked hack.
The lawmakers said in August letters to the leaders of the Commerce and State departments that Congress fears the breaches show China has new cyber skills.
“China appears to be graduating from “smash and grab heists” that used to be “noisy” and “rudimentary” to a level described by security experts as “among the most technically sophisticated and stealthy ever discovered”,” the lawmakers wrote. “The incident even raises the possibility that Chinese hackers may be able to access high-level computer networks and remain undetected for months if not years.”
Sen. Ron Wyden has also pressured the Biden administration to investigate Microsoft’s cybersecurity failings surrounding the China-linked hack of the government.
Last month, the Oregon Democrat wrote to the Justice Department, the Federal Trade Commission and the Cybersecurity and Infrastructure Security Agency to probe Microsoft and made clear his request came after a spate of problems involving Microsoft’s services.
The Biden administration took new steps Friday to review the hack. CISA’s Cyber Safety Review Board said it would probe the malicious targeting of cloud computing environments broadly and assess the recent Microsoft breaches.
The board, created last year, teams private sector and public officials to study major cyber problems.
Microsoft said it has notified affected customers of the China-linked hack and had no comment on other organizations’ notifications to victims.
The FBI declined to comment.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.