Date: 2023-07-12

Chinese hackers broke into the email accounts of people at “approximately 25 organizations,” including U.S. government agencies, Microsoft said late Tuesday.

Microsoft began investigating suspicious activity after receiving reports from customers on June 16, according to the company’s brief statement, leading to the discovery of a Chinese hacking campaign that began on May 15 and compromised an unidentified number of victims’ work email accounts, along with “a small number” of personal accounts likely belonging to those same people.

The hackers used a stolen code-signing key to forge digital tokens that unlocked the targeted accounts, Microsoft said in a technical blog. The company did not identify any of the targeted organizations.

“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems,” National Security Council spokesperson Adam Hodge said in a statement. “Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service.”

Three federal agencies had their emails accessed in the attack, with 10 or fewer individual victims at each agency, according to a U.S. official familiar with the matter, who said the campaign was "clearly targeted for [People's Republic of China] policy interests."

CNN reported that the State Department was one of the victim agencies. The department did not immediately respond to a request for comment.

The FBI, which is investigating the intrusions, did not immediately respond to a request for comment.

Microsoft said it has finished kicking the hackers out of compromised accounts and has notified all of the hackers’ targets. It also said it is working with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and other agencies to “protect affected customers and address the issue.”

The group behind the attack is likely “focused on espionage, such as gaining access to email systems for intelligence collection,” the company said.

Chinese hackers have perpetrated several of the most sweeping digital espionage campaigns against the United States, including the 2015 breach of the U.S. Office of Personnel Management, which compromised the records of approximately 21.5 million people.

In its 2023 threat assessment, the Office of the Director of National Intelligence said that Beijing “probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks.”

The disclosure of the new intrusions is likely to raise questions about whether Microsoft, one of the government’s most important technology vendors, is following the basic security practices that the Biden administration has said it will demand from government contractors.

“We continue to hold the procurement providers of the U.S. Government to a high security threshold,” Hodge said.

John Hultquist, the chief analyst at the Google-owned threat intelligence firm Mandiant, said the newly revealed attacks highlight how Chinese hackers have “come a long way” from their initial “broad, loud campaigns that were far easier to detect.”



"They were brash before, but now they are clearly focused on stealth," Hultquist said. "We are facing a more sophisticated adversary than ever, and we'll have to work much harder to keep up with them."