Chinese hackers intent on collecting intelligence on the United States gained access to government email accounts, Microsoft disclosed on Tuesday night.
In a blog post, Microsoft said about 25 organizations, including government agencies, had been compromised by the hacking group, which used forged authentication tokens to get access to individual email accounts. Hackers had access to at least some of the accounts for a month before the breach was detected, Microsoft said. It did not identify the organizations and agencies affected.
The new breach does not appear to be of the same scale as the largest recent known intrusion, Russia’s penetration of government computers in 2019 and 2020 known as the SolarWinds hack. The new intrusion involved far fewer email accounts and did not go as deep into the targeted systems, Microsoft officials said.
The hackers also do not appear to have gained access to classified networks. Nevertheless, having access to government email for a month before being detected could allow the hackers to learn information useful to the Chinese government and its intelligence services.
“We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Charlie Bell, a Microsoft executive vice president, wrote in the blog post. “This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems.”
The hack could further strain relations between China and the United States, even as the Biden administration seeks to cool tensions that have been aggravated in recent months by several incidents including the transit of a Chinese spy balloon across the United States.
It could also increase criticism that the Biden administration is not doing enough to deter Chinese espionage. Cliff Sims, a former spokesman for the director of national intelligence in the Trump administration, said China had been emboldened because President Biden had not confronted Beijing over its attempts to influence recent elections.
“We need to have some serious conversations about how much hacking we’ll tolerate before taking action,” Mr. Sims said.
Mr. Bell, in the blog post, said that people affected by the hack had been notified and that the company had completed efforts to mitigate the attack.
Earlier on Tuesday, hours before the Microsoft announcement, representatives of various intelligence and national security agencies said they were not aware of reports of a Chinese intrusion. A spokeswoman for the National Security Council did not immediately respond to a request for comment on Tuesday night.
But Microsoft said information reported to them by customers had alerted them to the intrusion and compromise on June 16. The company’s blog post said the Chinese hacking group began gaining access to email accounts a month earlier, on May 15.
Microsoft did not say how many accounts it believes might have been compromised by the Chinese hackers, and did not say if it had an assessment of what information was taken.
China has one of the most aggressive — and most capable — intelligence hacking operations in the world.
Beijing has, over the years, carried out a series of hacks that have succeeded in stealing huge amounts of government data. In 2015, a data breach apparently carried out by hackers affiliated with China’s foreign spy service stole huge numbers of records from the Office of Personnel Management.
In the SolarWinds hack, which took place during the Trump administration, Russian intelligence agencies used a software vulnerability to gain access to thousands of computer systems, including many government agencies. The hack was named after the network management software Russian intelligence agencies had used to get into computers around the world.
