Chinese hackers seeking intelligence on the United States gained access to government email accounts, Microsoft announced Tuesday night.
In a blog post, Microsoft said about 25 organizations, including government agencies, had been compromised by the hacking group, which used counterfeit authentication tokens to access individual email accounts. Hackers had access to at least some of the accounts for a month before the breach was discovered, Microsoft said. It did not identify affected organizations and agencies.
The new breach does not appear to be of the same magnitude as the largest recent known intrusion, the 2019 and 2020 Russian penetration of government computers known as the SolarWinds hack. The new intrusion involved far fewer email accounts and did not penetrate as deep into the targeted systems, Microsoft officials said.
The hackers also seem not to have gained access to secret networks. Nevertheless, having access to government emails for a month before being discovered could allow the hackers to extract information useful to the Chinese government and its intelligence community.
“We are assessing that this adversary is targeting espionage, such as gaining access to intelligence-gathering email systems,” Charlie Bell, an executive vice president of Microsoft, wrote in the blog post. “This type of espionage-motivated adversary attempts to misuse credentials and access data residing in sensitive systems.”
The hack could further strain relations between China and the United States, even as the Biden administration seeks to ease tensions exacerbated by several incidents in recent months, including the transit of a Chinese spy balloon through the United States.
It could also increase criticism that the Biden administration is not doing enough to deter Chinese espionage. Cliff Sims, a former spokesman for the director of national intelligence in the Trump administration, said China was encouraged that President Biden had not confronted Beijing over its attempts to influence recent elections.
“We need to have serious conversations about how much hacking we tolerate before taking action,” Mr Sims said.
Mr Bell said in the blog post that people affected by the hack had been notified and that the company had made every effort to contain the attack.
Earlier on Tuesday, hours before the Microsoft announcement, representatives from various intelligence and national security agencies said they were unaware of any reports of a Chinese break-in. A spokeswoman for the National Security Council did not immediately respond to a request for comment on Tuesday evening.
But Microsoft said it learned of the intrusion and compromise on June 16 from information reported by customers. The company’s blog post stated that the Chinese hacking group began accessing email accounts a month earlier, on May 15.
Microsoft did not say how many accounts it believes may have been compromised by the Chinese hackers, and did not say whether it had estimated what information was obtained.
China has one of the most aggressive – and most capable – hacking operations in the world.
Beijing has carried out a series of hacks over the years that have succeeded in stealing massive amounts of government data. In 2015, a data breach, apparently carried out by hackers affiliated with China’s Foreign Intelligence Service, stole massive amounts of data from the Office of Personnel Management.
In the SolarWinds hack, which took place during the Trump administration, Russian intelligence used a software vulnerability to gain access to thousands of computer systems, including many government agencies. The hack is named after the network management software that Russian intelligence agencies had used to break into computers around the world.