Julian E. Barnes, Maggie Haberman and Jonathan Swan
Chinese hackers intent on collecting intelligence on the United States gained access to government email accounts, Microsoft disclosed on Tuesday night.
The attack was targeted, according to a person briefed on the intrusion into the government networks, with the hackers going after specific accounts rather than carrying out a broad-brush intrusion that would suck up enormous amounts of data. Adam Hodge, a spokesman for the White House’s National Security Council, said no classified networks had been affected. An assessment of how much information was taken is continuing.
Microsoft said that in all, about 25 organizations, including government agencies, had been compromised by the hacking group, which used forged authentication tokens to get access to individual email accounts. Hackers had access to at least some of the accounts for a month before the breach was detected, Microsoft said. It did not identify the organizations and agencies affected.
The sophistication of the attack and its targeted nature suggest that the Chinese hacking group was either part of Beijing’s intelligence service or working for it. “We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Charlie Bell, a Microsoft executive vice president, wrote in a blog post on Tuesday night.
Although the breach appeared to be far smaller in scale than some recent intrusions like the SolarWinds hack by Russia in 2019 and 2020, it could provide information useful to the Chinese government and its intelligence services, and it threatened to further strain relations between the United States and China.