The hack, by a Chinese group that the company said was intent on conducting espionage, went undetected for a month.
Microsoft said the Chinese hacking group began gaining access to email accounts in May and was not discovered until June.
Chinese hackers intent on collecting intelligence on the United States gained access to government email accounts, Microsoft disclosed on Tuesday night.
In a blog post, Microsoft said about 25 organizations, including government agencies, had been compromised by the hacking group, which used forged authentication tokens to get access to individual email accounts. Hackers had access to at least some of the accounts for a month before the breach was detected, Microsoft said. It did not identify the organizations and agencies affected.
The new breach does not appear to be of the same scale as the largest recent known intrusion, Russia’s penetration of government computers in 2019 and 2020 known as the SolarWinds hack. The new intrusion involved far fewer email accounts and did not go as deep into the targeted systems, Microsoft officials said.
The hackers also do not appear to have gained access to classified networks. Nevertheless, having access to government email for a month before being detected could allow the hackers to learn information useful to the Chinese government and its intelligence services.
“We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Charlie Bell, a Microsoft executive vice president, wrote in the blog post. “This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems.”
The hack could further strain relations between China and the United States, even as the Biden administration seeks to cool tensions that have been aggravated in recent months by several incidents including the transit of a Chinese spy balloon across the United States.
It could also increase criticism that the Biden administration is not doing enough to deter Chinese espionage. Cliff Sims, a former spokesman for the director of national intelligence in the Trump administration, said China had been emboldened because President Biden had not confronted Beijing over its attempts to influence recent elections.
“We need to have some serious conversations about how much hacking we’ll tolerate before taking action,” Mr. Sims said.
Mr. Bell, in the blog post, said that people affected by the hack had been notified and that the company had completed efforts to mitigate the attack.
Earlier on Tuesday, hours before the Microsoft announcement, representatives of various intelligence and national security agencies said they were not aware of reports of a Chinese intrusion. A spokeswoman for the National Security Council did not immediately respond to a request for comment on Tuesday night.
But Microsoft said information reported by customers had alerted it to the intrusion and compromise on June 16. The company’s blog post said the Chinese hacking group began gaining access to email accounts a month earlier, on May 15.
Microsoft did not say how many accounts it believes might have been compromised by the Chinese hackers, and did not say if it had an assessment of what information was taken.
China has one of the most aggressive — and most capable — intelligence hacking operations in the world.
Beijing has, over the years, carried out a series of hacks that have succeeded in stealing huge amounts of government data. In 2015, a data breach apparently carried out by hackers affiliated with China’s foreign spy service stole huge numbers of records from the Office of Personnel Management.
In the SolarWinds hack, which took place during the Trump administration, Russian intelligence agencies used a software vulnerability to gain access to thousands of computer systems, including many government agencies. The hack was named after the network management software Russian intelligence agencies had used to get into computers around the world.
Julian E. Barnes is a national security reporter based in Washington, covering the intelligence agencies. Before joining The Times in 2018, he wrote about security matters for The Wall Street Journal.
Maggie Haberman is a senior political correspondent and the author of “Confidence Man: The Making of Donald Trump and the Breaking of America.” She was part of a team that won a Pulitzer Prize in 2018 for reporting on President Trump’s advisers and their connections to Russia.
Jonathan Swan is a political reporter who focuses on campaigns and Congress. As a reporter for Axios, he won an Emmy Award for his 2020 interview of then-President Donald J. Trump, and the White House Correspondents’ Association’s Aldo Beckman Award for “overall excellence in White House coverage” in 2022.
Source: nytimes.com