Microsoft is warning that China-linked cyberattackers hacked customer emails, including government agencies, and the Biden administration is investigating the scope of the damage.
Some 25 organizations are known to be affected by the breaches conducted by the China-based group Storm-0558, according to Charlie Bell, Microsoft’s executive vice president of security.
Sen. Mark Warner, Virginia Democrat and chairman of the Senate Select Committee on Intelligence, said Wednesday the hackers appear to be connected to Chinese intelligence.
“We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Mr. Bell wrote on Microsoft’s blog. “This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems.”
Mr. Bell said in the Wednesday blog post that Microsoft discovered the breach had begun in May after customers’ complaints spurred the Big Tech company in June to investigate unusual activity involving email accounts.
The Biden administration said Wednesday it quickly identified the hacking campaign. The U.S. government spotted the problem and alerted Microsoft, a White House National Security Council spokesman told The Washington Post.
National Security Adviser Jake Sullivan said the federal government is responding in coordination with Microsoft.
“We detected it fairly rapidly and we were able to prevent further breaches,” Mr. Sullivan told ABC’s “Good Morning America” from Lithuania. “The matter is still being investigated, so I have to leave it there because we’re gathering further information in consultation with Microsoft and we will continue to appraise the public as we learn more.”
The Microsoft Security Response Center published a notice saying it completed mitigation of the hack and if the Big Tech company has not contacted you directly, then it determined you were not affected. The center said the hackers primarily target government agencies in western Europe.
“As with any observed nation-state actor activity, Microsoft has contacted all targeted or compromised organizations directly via their tenant admins and provided them with important information to help them investigate and respond,” the center’s notice said. “We continue to work closely with these organizations.”
Mr. Wilson wrote that Microsoft is working with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency to help protect affected customers.
Congress is also scrutinizing the breach. Mr. Warner said Wednesday that the Senate Intelligence Committee is closely monitoring the hacking campaign.
“It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies,” Mr. Warner said in a statement. “Close coordination between the U.S. government and the private sector will be critical to countering this threat.”
China has countered that reports of its involvement in hacking are a distraction from the U.S. government’s offensive cyber operations affecting the communist regime.
Chinese Foreign Ministry spokesperson Wang Wenbin said Wednesday in a press briefing that the hacking allegations were “disinformation” to divert attention away from the U.S. government’s actions.
Microsoft has previously warned of China-backed hackers preparing for more devastating attacks. In May, Microsoft said it discovered a China-sponsored hacking group looking to develop capabilities that may disrupt communications between the U.S. and Asia during future crises.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.