Beijing-linked hackers accessed US Ambassador to China Nicholas Burns' email account in an espionage operation thought to have compromised at least hundreds of thousands of individual US government emails, the Wall Street Journal reported on Thursday.
Daniel Kritenbrink, the assistant secretary of state for East Asia, was also hacked in the wider spying operation disclosed earlier this month by Microsoft, the report said, citing people familiar with the matter.
Asked about the reported breach of the two diplomats' accounts, the State Department declined to give any details and said its investigation of the spying operation was ongoing.
Burns and Kritenbrink join US Commerce Secretary Gina Raimondo as the only publicly named victims of the espionage campaign, which prompted a warning by Washington's top diplomat to his Chinese counterpart.
Chinese comments on the allegations
China's embassy in Washington did not immediately respond to a request for comment on the report, but the Chinese Ministry of Foreign Affairs previously called the earlier accusations "disinformation."
Microsoft said last week that Chinese hackers misappropriated one of its digital keys and used a flaw in its code to steal emails from US government agencies and other clients.
The company did not immediately return a message seeking comment on the WSJ report.
The breach has thrown Microsoft's security practices under scrutiny, with officials and lawmakers calling on the Redmond, Washington-based company to make its top level of digital auditing, also called logging, available to all its customers free of charge.
Microsoft said in a statement late on Thursday that it was taking the criticism on board.
Last week White House National Security Council spokesperson Adam Hodge said an intrusion in Microsoft's cloud security "affected unclassified systems," without elaborating.
"Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service," Hodge added.
The State Department "detected anomalous activity" and "took immediate steps to secure our systems," a department spokesperson said in a statement at the time.