Hong Kong —

State-backed Chinese hackers foiled Microsoft's cloud-based security in hacking the email accounts of officials at multiple U.S. agencies that deal with China ahead of Secretary of State Antony Blinken's trip to Beijing last month, officials said Wednesday.

The surgical, targeted espionage accessed the email of a small number of individuals at an unspecified number of U.S. agencies and was discovered in mid-June by the State Department, U.S. officials said. They said none of the breached systems were classified, nor was any of the stolen data.

Related video above: Rossen Reports: How to sign up for dark web monitoring

The hacked officials included Commerce Secretary Gina Raimondo, The Washington Post reported, citing anonymous U.S. officials. Export controls imposed by her agency have stung multiple Chinese companies.

One person familiar with the investigation said U.S. military and intelligence agencies were not among the agencies impacted in the monthlong spying campaign, which also affected unnamed foreign governments.

The officials spoke on condition they not be further identified.

In a technical advisory Wednesday and a call with reporters, the U.S. Cybersecurity and Infrastructure Security Agency and the FBI said Microsoft determined the hackers gained access by impersonating authorized users.

Officials did not specify the nature of the stolen data. But one U.S. official said the intrusion was “directly targeted” at diplomats and others who deal with the China portfolio at the State Department and other agencies. The official added that it was not yet clear if there had been any significant compromise of information.

The Blinken trip went ahead as planned, although with customary information security procedures in place, which required his delegation to use “burner” phones and computers in China.

The hack was disclosed late Tuesday by Microsoft in a blog post. It said it was alerted to the breach, which it blamed on a state-backed, espionage-focused Chinese hacking group “known to target government agencies in Western Europe,” on June 16. Microsoft said the group, which it calls Storm-0558, had gained access to email accounts affecting about 25 organizations, including government agencies, since mid-May as well as to consumer accounts of individuals likely associated with those agencies.

Neither Microsoft nor U.S. officials would identify the agencies or governments impacted. A senior CISA official told reporters in a press call that the number of affected organizations in the United States is in the single digits.

While the official declined to say whether U.S. officials are displeased with Microsoft over the breach, U.S. National Security Council spokesman Adam Hodge noted that it was “government safeguards” that detected the intrusion and added, “We continue to hold the procurement providers of the U.S. Government to a high security threshold.”

In fact, those safeguards consist of a data-logging feature for which Microsoft charges a premium. The CISA official noted that some of the victims lacked the data-logging feature and, unable to detect the breach, learned of it from Microsoft.

But of greater concern to cybersecurity experts is that The Storm-0558 hackers broke in using forged authentication tokens — which are used to verify the identity of a user. Microsoft's executive vice president for security, Charlie Bell, said on the company's website that the hackers had done that by acquiring a “consumer signing key.”

Cybersecurity researcher Jake Williams, a former National Security Agency offensive hacker, said it remains unclear how the hackers accomplished that. Microsoft did not immediately respond to emailed questions, including whether it was breached by the hackers to obtain the signing key.

Williams was concerned the hackers could have forged tokens for wide use to hack any number of non-enterprise Microsoft users. “I can’t imagine China didn’t also use this access to target dissidents on personal subscriptions, too."

The head of intelligence for the cybersecurity firm Crowdstrike, Adam Meyers, said in a statement that the incident highlights the systemic risk of relying on a single technology provider in Microsoft. He said “having one monolithic vendor that is responsible for all of your technology, products, services and security - can end in disaster.”

A Chinese foreign ministry spokesman, Wang Wenbin, called the U.S. accusation of hacking “disinformation” aimed at diverting attention from U.S. cyberespionage against China.

“No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft,” Wang said in a routine briefing.

U.S. intelligence agencies also use hacking as a critical espionage tool and it is not a violation of international law.

Last month, Google-owned cybersecurity firm Mandiant said suspected state-backed Chinese hackers broke into the networks of hundreds of public and private sector organizations globally exploiting a vulnerability in a popular email security tool.

Earlier this year, Microsoft said state-backed Chinese hackers were targeting U.S. critical infrastructure and could be laying the technical groundwork to disrupt critical communications between the U.S. and Asia during future crises.

____

Associated Press writers Aamer Madhani in Washington and Zen Soo in Hong Kong contributed to this report. Bajak reported from Boston.

TAMPA, Fla. (WPTV) — Tampa Bay is breaking up with Jon Gruden -- again.

The team announced Tuesday that it is removing the former Buccaneers head coach from its Ring of Honor, one day after his resignation as Las Vegas Raiders head coach.

"The Tampa Bay Buccaneers have advocated for purposeful change in the areas of race relations, gender equality, diversity and inclusion for many years," a team statement read. "While we acknowledge Jon Gruden's contributions on the field, his actions go against our core values as an organization. Therefore, he will no longer continue to be a member of the Buccaneers Ring of Honor."

Jason Behnken/AP

Gruden resigned Monday in the wake of several articles detailing his use of racist, homophobic and misogynistic terms in emails dating back to 2010.

The emails were discovered during an NFL investigation into workplace misconduct involving the Washington Football Team.

According to the New York Times, the emails were sent to Bruce Allen, Washington's former team president. He was fired by the organization in December 2019.

Gruden was in his second stint with the Raiders after signing a 10-year, $100 million contract in 2018 and helping the team transition from Oakland to Las Vegas.

Chris O'Meara/AP

He was traded from the Raiders to the Buccaneers after the 2001 season and led Tampa Bay to its first Super Bowl to cap the 2002 season. But Gruden was fired by the franchise after the 2008 season and a 57-55 record through seven years with his hometown team.

Gruden was a 2017 Buccaneers Ring of Honor inductee.

This story was originally reported by Peter Burke on wptv.com.

WASHINGTON (AP) — Dozens of email accounts at the Treasury Department were compromised in the massive breach of U.S. government agencies being blamed on Russia.

That's according to an Oregon Democrat, Sen. Ron Wyden, who says hackers broke into systems used by the department’s highest-ranking officials.

Wyden issued a statement Monday after he and other members of the Senate Finance Committee were briefed by the IRS and the Treasury Department.

Wyden says that though there is no indication that taxpayer data was compromised, the hack “appears to be significant." In addition, the breach appears to involve the theft of encryption keys from U.S. government servers, Wyden said.

“Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen,” Wyden said in a statement.

It is also not clear what Russian hackers intend to do with any emails they may have accessed.

A Treasury Department spokeswoman declined to comment on Wyden’s statement.

Treasury was among the earliest known agencies reported to have been affected in a breach that now encompasses a broad spectrum of departments. The effects and consequences of the hack are still being assessed, though the Department of Homeland Security’s cybersecurity arm said in a statement last week that the intrusion posed a “grave” risk to government and private networks.

In the Treasury Department’s case, Wyden said, the breach began in July. But experts believe the overall hacking operation began months earlier when malicious code was slipped into updates to popular software that monitors computer networks of businesses and governments.