Chinese hackers intent on harvesting information about the United States have gained access to government email accounts, Microsoft revealed Tuesday night.
In a blog post, Microsoft said about 25 organizations, including government agencies, were compromised by the hacker group, which used forged authentication tokens to gain access to individual email accounts. Hackers had access to at least some of the accounts for a month before the breach was discovered, Microsoft said. It did not identify the affected organizations and agencies.
The new breach does not appear to be of the same magnitude as the largest known recent intrusion, Russia’s penetration of government computers in 2019 and 2020 known as the SolarWinds hack. The new intrusion involved far fewer email accounts and didn’t go as deep into targeted systems, Microsoft officials said.
Furthermore, the hackers do not appear to have gained access to classified networks. However, having access to government email for a month before being caught could allow hackers to learn information useful to the Chinese government and its intelligence services.
“We estimate this adversary is focused on espionage, such as gaining access to e-mail systems for intelligence gathering,” Microsoft executive vice president Charlie Bell wrote in the blog post. “This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems.”
The hack could further strain relations between China and the United States, even as the Biden administration seeks to cool tensions that have been exacerbated in recent months by several incidents, including the transit of a Chinese spy balloon through the United States.
It could also raise criticism that the Biden administration isn’t doing enough to deter Chinese spying. Cliff Sims, a former spokesman for the director of national intelligence in the Trump administration, said China was emboldened because President Biden did not confront Beijing about its attempts to influence the recent election.
“We need to have some serious conversations about how much hacking we will tolerate before we act,” Mr. Sims said.
Mr. Bell said in the blog post that those affected by the hack had been notified and that the company had completed efforts to mitigate the hack.
On Tuesday, just hours before Microsoft’s announcement, representatives from various intelligence and national security agencies said they were unaware of any reports of Chinese intrusions. A National Security Council spokeswoman did not immediately respond to a request for comment on Tuesday night.
But Microsoft said information reported by customers alerted the company to the intrusion and compromise on June 16. The company’s blog post stated that the Chinese hacking group had started accessing email accounts a month earlier, on May 15.
Microsoft didn’t say how many accounts it believes may have been compromised by Chinese hackers, and it didn’t say whether it had an assessment of what information was taken.
China has one of the most aggressive and most capable intelligence hacking operations in the world.
Beijing has, over the years, carried out a series of hacks that have managed to steal huge amounts of government data. In 2015, a data breach apparently carried out by hackers affiliated with China’s foreign intelligence service stole a huge number of records from the Office of Personnel Management.
In the SolarWinds hack during the Trump administration, Russian intelligence agencies used a software vulnerability to gain access to thousands of computer systems, including many government agencies. The hack takes its name from the network management software that Russian intelligence agencies had used to break into computers around the world.