Chinese hackers have gained access to government email accounts with the intent of gathering intelligence on the United States, Microsoft revealed on Tuesday night.
In a blog post, Microsoft said about 25 organizations, including government agencies, were compromised by the hacking group, which used forged authentication tokens to gain access to personal email accounts. Microsoft said the hackers had access to at least some accounts for up to a month before the breach was discovered. It did not identify the organizations and agencies affected.
The new breach does not appear to be of the same scale as the largest known recent intrusion, Russia’s 2019 and 2020 intrusion into government computers, known as the SolarWinds hack. Microsoft officials said the new intrusion involved a small number of email accounts and did not go as deeply into the targeted systems.
The hackers appear not to have gained access to the classified network. Still, having access to government email up to a month before it was discovered could allow hackers to obtain information useful to the Chinese government and its intelligence services.
“Our assessment is that this is focused on adversary espionage, such as gaining access to email systems to gather intelligence,” Charlie Bell, Microsoft’s executive vice president, wrote in a blog post. “This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems.”
This hack could further strain relations between China and the United States, even as the Biden administration tries to calm the tension. The situation has been further aggravated by several incidents in recent months, including the transit of Chinese spy balloons over the United States.
It could also lead to criticism that the Biden administration is not doing enough to stop Chinese spying. Cliff Sims, a former spokesman for the director of national intelligence in the Trump administration, said China has become more emboldened because President Biden has not confronted Beijing over recent efforts to influence the election.
“We need to have some serious conversations about how much hacking we will tolerate before we take action,” Mr. Sims said.
Mr. Bell said in the blog post that those affected by the hack have been notified and that the company has completed efforts to mitigate the attack.
Earlier on Tuesday, hours before Microsoft’s announcement, representatives of various intelligence and national security agencies said they were not aware of reports of Chinese intrusions. A spokesman for the National Security Council did not immediately respond to a request for comment Tuesday night.
But Microsoft said that information provided by customers alerted it to the intrusion and compromise on June 16. The company’s blog post said that the Chinese hacking group started gaining access to email accounts a month earlier, on May 15.
Microsoft has not said how many accounts it believes may have been breached by Chinese hackers, or whether it has assessed what information was taken.
China has one of the most aggressive – and most capable – intelligence hacking operations in the world.
Over the past few years, Beijing has carried out a series of hacks that have managed to steal massive amounts of government data. In 2015, a data breach made clear that hackers linked to China’s foreign spy service had stolen a large number of records from the Office of Personnel Management.
In the SolarWinds hack, which took place during the Trump administration, Russian intelligence agencies used a software vulnerability to gain access to thousands of computer systems, including those of several government agencies. The hack was named after the network management software used by Russian intelligence agencies to penetrate computers around the world.