Chinese hackers seeking intelligence on the United States gained access to government email accounts, Microsoft announced Tuesday night.
The attack was targeted, according to a person briefed on the intrusion into government networks, with the hackers going after specific accounts rather than launching a large-scale intrusion that would suck up massive amounts of data. Adam Hodge, a White House National Security Council spokesman, said no secret networks had been affected. An assessment of how much information has been taken continues.
Microsoft said a total of about 25 organizations, including government agencies, had been compromised by the hacking group, which used counterfeit authentication tokens to access individual email accounts. Hackers had access to at least some of the accounts for a month before the breach was discovered, Microsoft said. It did not identify affected organizations and agencies.
The sophistication of the attack and its targeted nature suggest that the Chinese hacking group was part of or worked for Beijing’s intelligence agency. “We assess that this adversary is targeting espionage, such as gaining access to email systems for intelligence gathering,” Charlie Bell, an executive vice president of Microsoft, wrote in a blog post Tuesday evening.
While the breach seemed much smaller than some recent break-ins, such as the SolarWinds hack by Russia in 2019 and 2020, it could provide information useful to the Chinese government and its intelligence agencies, and it threatened to further undermine relations between the United States and China.
The vulnerability the hackers exploited appeared to be in Microsoft’s cloud security and was first discovered by the US government, which immediately notified the company, Mr Hodge said.
Within the government, the attack exposed a significant cybersecurity hole in Microsoft’s defenses and raised serious questions about cloud computing security, the person briefed on the intrusion said. The government has moved data to the cloud, which promises better access to information and improved security because patches for vulnerabilities can be pushed out faster. The US also operates classified cloud servers, but they have more security protocols.
The person briefed on the intrusion said government security requirements should have prevented the breach and Microsoft has been asked for additional information about the vulnerability.
“We continue to hold US government procurement providers to a high safety threshold,” said Mr. Hodge.
The hack comes at a delicate point in US-China relations as the Biden administration seeks to ease tensions exacerbated by several incidents in recent months, including the transit of a Chinese spy balloon through the United States. It could add to criticism that the Biden administration is not doing enough to deter Chinese espionage.
Cliff Sims, a former spokesman for the director of national intelligence in the Trump administration, said China was encouraged that President Biden had not confronted Beijing over its attempts to influence recent elections.
“We need to have serious conversations about how much hacking we tolerate before taking action,” Mr Sims said.
Mr Bell said in the blog post that people affected by the hack had been notified and that the company had made every effort to contain the attack. But government officials continue to ask the company for more details about the vulnerability and how it occurred, according to the person briefed on the intrusion.
Microsoft said it was made aware of the intrusion and compromise on June 16. The company’s blog post stated that the Chinese hacking group first gained access to email accounts a month earlier, on May 15.
Microsoft did not say how many accounts it believes may have been compromised by the Chinese hackers.
China has one of the most aggressive – and most capable – hacking operations in the world.
Beijing has carried out a series of hacks over the years that have succeeded in stealing massive amounts of government data. In 2015, a data breach, apparently carried out by hackers affiliated with China’s Foreign Intelligence Service, stole massive amounts of data from the Office of Personnel Management.
In the SolarWinds hack, which took place during the Trump administration, Russian intelligence used a software vulnerability to gain access to thousands of computer systems, including many government agencies. The hack is named after the network management software that the Russian agencies had exploited to infiltrate computers around the world.