Chinese hackers intent on gathering intelligence on the United States gained access to government email accounts, Microsoft revealed Tuesday night.
The attack was targeted, according to a person briefed on the intrusion into government networks, with the hackers going after specific accounts rather than carrying out a general intrusion that would suck up huge amounts of data. Adam Hodge, a spokesman for the White House National Security Council, said no classified networks had been affected. The government is still assessing how much information was taken.
Microsoft said that in total some 25 organizations, including government agencies, had been compromised by the hacking group, which used forged authentication tokens to gain access to individual email accounts. The hackers had access to at least some of the accounts for a month before the breach was detected, Microsoft said. It did not identify the organizations and agencies affected.
The sophistication of the attack and its targeted nature suggest that the Chinese hacking group was part of or worked for Beijing’s intelligence service. “We assess that this adversary is focused on espionage, such as gaining access to email systems for intelligence gathering,” Charlie Bell, Microsoft’s executive vice president, wrote in a blog post on Tuesday night.
Although the breach appeared to be much smaller in scale than some recent intrusions like Russia’s SolarWinds hack in 2019 and 2020, it could provide useful information for the Chinese government and its intelligence services, and it threatened to further strain relations between the United States and China.
The vulnerability that the hackers exploited appeared to be in Microsoft’s cloud security and was first detected by the US government, which immediately notified the company, Hodge said.
Inside the government, the attack revealed a major cybersecurity gap in Microsoft’s defenses and raised serious questions about the security of cloud computing, the person briefed on the intrusion said. The government has been moving data to the cloud, which promises better access to information and better security because it’s faster to patch vulnerabilities. The US also operates classified cloud servers, but they have more security protocols.
The person briefed on the intrusion said that government security requirements should have prevented the breach and that Microsoft has been asked to provide additional information about the vulnerability.
“We continue to hold US government procurement providers to a high security threshold,” Mr. Hodge said.
The attack comes at a sensitive time in US-China relations, as the Biden administration seeks to defuse tensions that have escalated in recent months over various incidents, including the transit of a Chinese spy balloon through the United States. It could raise criticism that the Biden administration is not doing enough to deter Chinese spying.
Cliff Sims, a former spokesman for the director of national intelligence in the Trump administration, said China had been emboldened because President Biden had not confronted Beijing over its attempts to influence the recent election.
“We need to have some serious conversations about how much hacking we will tolerate before we take action,” Sims said.
Mr. Bell, in the blog post, said that people affected by the attack had been notified and that the company had completed efforts to mitigate the attack. But government officials continue to ask the company to provide more details about the vulnerability and how it occurred, according to the person briefed on the intrusion.
Microsoft said it was informed of the intrusion and compromise on June 16. The company’s blog post said that the Chinese hacking group first gained access to the email accounts a month earlier, on May 15.
Microsoft did not say how many accounts it believes might have been compromised by the Chinese hackers.
China has one of the most aggressive and capable intelligence hacking operations in the world.
Beijing has, over the years, carried out a series of hacks that have managed to steal vast amounts of government data. In 2015, a data breach apparently carried out by hackers affiliated with China’s foreign spy service stole a large number of records from the Office of Personnel Management.
In the SolarWinds attack, which took place during the Trump administration, Russian intelligence agencies used a software vulnerability to gain access to thousands of computer systems, including many government agencies. The hack got its name from the network management software that Russian agencies had exploited to break into computers around the world.