Chinese hackers seeking to gather information in the United States gained access to government email accounts, Microsoft revealed Tuesday night.
The attack was targeted, according to a person briefed on government network intrusions, with hackers going after certain accounts rather than messing around with potentially damaging brushes. Adam Hodge, a spokesman for the White House National Security Council, said no networks were affected. Evaluation of the amount of information taken is ongoing.
Microsoft said that in all, about 25 organizations, including government agencies, were compromised by the hacking group, which used fake passwords to gain access to email accounts. Hackers had access to some accounts for a month before they were exposed, Microsoft said. It did not name the organizations and institutions involved.
The complexity of the attack and the manner in which it was carried out indicate that the Chinese criminal organization was part of Beijing’s intelligence or working for it. “We see that this adversary is focused on espionage, such as accessing emails to gather intelligence,” Charlie Bell, Microsoft’s senior vice president, wrote in blog post Tuesday night.
Although the breach appears to be much smaller than recent interventions such as the SolarWinds shooting by Russia in 2019 and 2020, it could provide important information to the Chinese government and its intelligence services, and it threatened to disrupt relations between the United States. and China.
The vulnerabilities the hackers used appeared to be in Microsoft’s cloud security system and were first identified by the US government, which notified the company immediately, Hodge said.
In the government, the attack exposed a significant gap in cybersecurity at Microsoft and raised questions about the security of cloud computing, a person briefed on the intrusion said. The government has been moving data to the cloud, which promises better access to information and permanent security, because pushing patches to vulnerabilities is faster. The US also uses cloud servers, but they have more security protocols in place.
A person briefed on the intrusion said government security requirements should have prevented the breach, and that Microsoft has been asked to provide more information about the vulnerability.
“We continue to work on the US government’s procurement of advanced defense products,” said Mr. Hodge.
The hack comes at a critical time in US-China relations, according to the Biden administration they want to cool down the conflict which has been exacerbated in recent months by a number of incidents including the passage of a Chinese spy balloon over the United States. It could add to criticism that the Biden administration is not doing enough to stop Chinese espionage.
Cliff Sims, a former spokesman for the Director of National Intelligence in the Trump administration, said China was emboldened because President Biden did not meet with Beijing in an attempt to influence the recent election.
“We need to have a serious discussion about how much fraud we can tolerate before we take action,” Sims said.
Mr. Bell, in a blog post, said that those affected by the hack have been notified and that the company has completed efforts to mitigate the attack. But authorities are continuing to ask the company for details about the attack and how it happened, according to a person briefed on the intrusion.
Microsoft said it was informed of the intrusion and compromise on June 16. The company’s blog said a Chinese intelligence agency had gained access to the emails a month earlier, on May 15.
Microsoft has not said how many accounts it believes may have been hacked by the Chinese.
China has one of the world’s most brutal – and smartest – economies.
Beijing, over the years, has carried out several hacks that have managed to steal government information. In 2015, a data manipulation apparently occurred and criminals affiliated with China’s foreign espionage service stole dozens of records from the labor inspectorate.
In the SolarWinds hack, which took place during the Trump administration, Russian intelligence agencies used a software vulnerability to gain access to thousands of computers, including many government agencies. The hack was named after a network monitoring program that Russian agencies used to hack into computers around the world.