Microsoft revealed late Tuesday that Chinese hackers intent on gathering U.S. intelligence gained access to government email accounts.
In a blog post, Microsoft said about 25 organizations, including government agencies, have been targeted by the hacking group, which uses fake authentication tokens to gain access to personal email accounts. Hackers gained access to at least some of the accounts a month before the breach was discovered, Microsoft said. It did not name the organizations and institutions affected.
This new intrusion appears to be of a different scale than the largest recent known intrusion, the Russian infiltration of government computers in 2019 and 2020, known as the SolarWinds hack. Microsoft officials said the new intrusion involved far fewer email accounts and did not penetrate as far into targeted systems.
The hackers also do not appear to have gained access to the classified network. Still, accessing government emails for a month before being discovered could have given the hackers information useful to the Chinese government and its intelligence services.
“The focus of our assessment of this adversary was espionage, such as accessing email systems to gather intelligence,” Microsoft executive vice president Charlie Bell wrote in a blog post. “This type of espionage-motivated adversary seeks to abuse credentials and gain access to sensitive data residing in the system.”
The hacking could further strain U.S.-China relations even as the Biden administration has sought to ease tensions that have intensified in recent months over several incidents, including a Chinese spy balloon flight over the United States.
It could also add to criticism that the Biden administration is not doing enough to deter Chinese espionage. Cliff Sims, a former spokesman for the Trump administration’s director of national intelligence, said China was emboldened because President Biden had not confronted Beijing over its attempts to influence the recent election.
“We need to have a serious discussion about how much hacking we can tolerate before we act,” Mr Sims said.
In a blog post, Mr Bell said people affected by the hack had been notified and the company had completed its work to mitigate the attack.
Earlier Tuesday, hours before Microsoft’s announcement, representatives of various intelligence and national security agencies said they were unaware of reports of a Chinese intrusion. A spokesman for the National Security Council did not immediately respond to a request for comment late Tuesday.
But Microsoft said information reported by customers alerted it to the intrusion and compromise on June 16. The company’s blog post said the Chinese hacking group began gaining access to the email accounts a month earlier, on May 15.
Microsoft did not say how many accounts it believes may have been hacked by the Chinese, or whether it conducted an assessment of what information was stolen.
China has one of the most aggressive and capable intelligence hacking operations in the world.
Over the years, Beijing has carried out a series of hacking attacks that have successfully stolen vast amounts of government data. In 2015, a data breach apparently by hackers affiliated with China’s foreign spy agency stole troves of records from the Office of Personnel Administration.
In the SolarWinds hack that occurred during the Trump administration, Russian intelligence agencies exploited software vulnerabilities to gain access to thousands of computer systems, including many government agencies. The hack was named for network management software used by Russian intelligence agencies to break into computers around the world.