A congressman from Nebraska who serves on the House Armed Services Committee stated that his communications were intercepted by China earlier this year.
“I thank the FBI for notifying me that the CCP hacked into my personal and campaign emails from May 15th to June 16th of this year. The CCP hackers utilized a vulnerability in the Microsoft software, and this was not due to ‘user error,’” Republican Rep. Don Bacon posted on social media.
“Thus, there were other victims in this cyber operation. The Communist government in China are not our friends and are very active in conducting cyber espionage. I’ll work overtime to ensure Taiwan gets every $ of the $19B in weapons backlog they’ve ordered, and more,” he wrote.
I thank the FBI for notifying me that the CCP hacked into my personal and campaign emails from May 15th to June 16th of this year. The CCP hackers utilized a vulnerability in the Microsoft software, and this was not due to “user error.” (1/2)
— Rep. Don Bacon 🇺🇸 (@RepDonBacon) August 14, 2023
According to Reuters, a Bacon representative stated that the FBI indicated that China seized information related to Bacon’s “personal banking, political strategy, and political fundraising.”
A representative of the Chinese Embassy labeled the allegation a “smear” that was part of a “groundless narrative,”
In a follow-up post on social media, Bacon said, “Plain and simple, the Chinese Communist Party is a bully. I will not back down. I will always stand up for freedom and human rights around the world.”
Plain and simple, the Chinese Communist Party is a bully. I will not back down. I will always stand up for freedom and human rights around the world.
— Rep. Don Bacon 🇺🇸 (@RepDonBacon) August 15, 2023
The Hill reports that the breach disclosed by Bacon occurred at the same time as other cyber intrusions.
Last month, hackers with ties to China hacked Ambassador to China Nicholas Burns’s email.
Republicans on the House Oversight and Accountability Committee are investigating intrusions of agency email systems, including those of the State Department and the Department of Commerce.
The China-linked hack of the Biden administration victimizing Microsoft customers has spread to Congress. https://t.co/DnP8ydah9V
— The Washington Times (@WashTimes) August 15, 2023
According to The Washington Post, “the breach has alarmed experts for another reason: It was unclear how the government could have prevented it while relying exclusively on Microsoft for cloud, email and authentication services.”
“Microsoft has said that the hackers obtained powerful signing keys they needed to create verified customer identities that could sidestep multifactor authentication. Combined with other Microsoft failings, millions of people could have been exposed to attack,” the Post reported.
According to an alert from Microsoft, it and federal agencies have found “stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States.”
The Microsoft advisory said, “Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering” is behind the attacks.
The alert said the hacker has a long-range, deadly purpose.
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” Microsoft wrote.