Republican Congressman Says China Hacked His Emails Thanks to Microsoft Bug

Nebraska Republican Congressman Don Bacon says his emails were hacked as part of a suspected Chinese espionage campaign exploiting a “vulnerability” in Microsoft software. The China-skeptical representative believes his hawkish views towards the Chinese Communist Party and public support for Taiwan made him a prime target for the attack, which occurred around the same time as other hacks targeting members of the State Department.

Warning! Microsoft Wants ChatGPT to Control Robots Next

Bacon shared the news on Twitter Tuesday, claiming he received a notice from the FBI telling him Chinese hackers had accessed his personal and campaign emails between May 15 to June 16 this year.

“The CCP [Communist Chinese Party] hackers utilized a vulnerability in the Microsoft software, and this was not due to ‘user error,’” Bacon wrote.

Bacon’s press secretary told Gizmodo the representative received an alert from Microsoft on June 16 telling him he may have been targeted in the hack and advised him to change his password. Bacon received a separate alert from the FBI on Monday telling him his emails had been accessed by hackers working at the behest of the Chinese Communist Party. The press secretary said Bacon believes the hackers may have accessed emails revealing political strategy, fundraising, and personal banking information, though she claimed Bacon refrained from discussing sensitive matters related to China or Taiwan via email. Microsoft and the FBI declined to comment.

The press secretary said the FBI notably did not directly link Bacon’s hacked emails to another hacking operation earlier this year that reportedly exposed the emails of multiple State Department officials, including Commerce Secretary Gina Raimondo. Microsoft published a blog post last month where it admitted a China-based threat actor referred to as “Storm-0558” successfully gained access to emails of “approximately 25 organizations in the public cloud.” Those organizations included government agencies.

“We now know that besides key targets in State Department, the CCP hacked into my personal and political email account,” Bacon said in a follow up tweet. “Why? I stand against the Uighur genocide and abuses conducted in Tibet and Hong Kong. And, I support an independent Taiwan.”

The attacks against Microsoft services have managed to draw concern from lawmakers on both sides of the political spectrum. Last month, Democratic Oregon Senator Ron Wyden sent a letter to the Cybersecurity and Infrastructure Security Agency calling on the agency to quickly launch an investigation and take action to hold Microsoft accountable for its “negligent cybersecurity practices.”

The DHS apparently took those pleas to heart. Last week, DHS Secretary Alejandro Mayorkas announced the Cybersecurity and Infrastructure Security Agency said it would investigate the recent Microsoft intrusion and provide recommendations to organizations to protect against cloud-based attacks. Republicans on the House Oversight and Accountability Committee have similarly launched their own investigation into the breach.

“China appears to be graduating from ‘smash and grab heists’ that used to be ‘noisy’ and ‘rudimentary’ to a level described by security experts as ‘among the most technically sophisticated and stealthy ever discovered,’” Oversight Committee Members wrote in a letter to Secretary of State Antony Blinken and Secretary of Commerce Gina Raimondo.

Bacon, meanwhile, doesn’t seem deterred by the hack. On Twitter Tuesday, the representative said he would work “overtime” to ensure Taiwan receives billions worth of US weapons it has ordered, “and more.”