Chinese hackers intent on gathering intelligence on the United States gained access to government email accounts, Microsoft disclosed Tuesday night.
In a blog post, Microsoft said about 25 organizations, including government agencies, were compromised by the hacking group, which used forged credentials to gain access to individual email accounts. Hackers had access to at least some of the accounts for a month before the breach was detected, Microsoft said. It did not identify the organizations and agencies affected.
The new breach does not appear to be of the same scale as the largest recent known intrusion, Russia’s penetration of government computers in 2019 and 2020 known as the SolarWinds hack. The new intrusion involved far fewer email accounts and did not go as deeply into the targeted systems, Microsoft officials said.
The hackers also do not appear to have gained access to classified networks. However, having access to government email for a month before being detected could allow the hackers to learn information useful to the Chinese government and its intelligence services.
“We estimate that this adversary is focused on espionage, such as gaining access to email systems for intelligence gathering,” wrote Charlie Bell, Microsoft’s executive vice president, in the blog. “This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing on sensitive systems.”
The hack could further strain relations between China and the United States, even as the Biden administration seeks to cool tensions that have been exacerbated in recent months by several incidents including the transit of a Chinese spy balloon over the United States.
It could also increase criticism that the Biden administration is not doing enough to prevent Chinese spying. Cliff Sims, a former spokesman for the director of national intelligence in the Trump administration, said China was emboldened because President Biden did not confront Beijing over its attempts to influence recent elections.
“We need to have serious conversations about how much hacking we will tolerate before we take action,” Mr. Sims said.
Mr. Bell, in the blog, said that people affected by the hack had been notified and that the company had completed efforts to mitigate the attack.
Earlier on Tuesday, hours before Microsoft’s announcement, representatives of various intelligence and national security agencies said they were unaware of reports of Chinese intrusion. A spokesman for the National Security Council did not immediately respond to a request for comment Tuesday night.
But Microsoft said information reported to it by customers alerted it to the intrusion and compromise on June 16. The company’s blog said the Chinese hacking group began gaining access to email accounts a month earlier, on May 15.
Microsoft did not say how many accounts it believes may have been compromised by the Chinese hackers, and did not say whether it had an estimate of what information was taken.
China has one of the most aggressive – and most capable – spy-hacking operations in the world.
Beijing, over the years, has carried out a series of hacks that have managed to steal huge amounts of government data. In 2015, a data breach apparently carried out by hackers affiliated with China’s foreign intelligence service stole huge numbers of records from the Office of Personnel Management.
In the SolarWinds hack, which occurred during the Trump administration, Russian intelligence agencies used a software vulnerability to gain access to thousands of computer systems, including many government agencies. The hack was named after the network management software used by Russian intelligence agencies to break into computers around the world.