Chinese hackers intent on collecting intelligence on the US gained access to government email accounts, Microsoft disclosed on Tuesday night.

The attack was targeted, according to a person briefed on the intrusion into the government networks, with the hackers going after specific accounts rather than carrying out a broad-brush intrusion that would suck up enormous amounts of data.

Adam Hodge, a spokesman for the White House’s National Security Council, said no classified networks had been affected.

An assessment of how much information was taken is continuing.

Microsoft said that in all, about 25 organisations, including government agencies, had been compromised by the hacking group, which used forged authentication tokens to get access to individual email accounts. Hackers had access to at least some of the accounts for a month before the breach was detected, Microsoft said. It did not identify the organizations and agencies affected.

The sophistication of the attack and its targeted nature suggest that the Chinese hacking group was either part of Beijing’s intelligence service or working for it. “We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection,” Charlie Bell, a Microsoft executive vice-president, wrote in a blog post on Tuesday night.

Although the breach appeared to be far smaller in scale than some recent intrusions like the SolarWinds hack by Russia in 2019 and 2020, it could provide information useful to the Chinese government and its intelligence services.

The vulnerability the hackers exploited appeared to be in Microsoft’s cloud security and was first detected by the US government, Hodge said.

Inside the government, the attack showed a significant cybersecurity gap in Microsoft’s defences and raised serious questions about the security of cloud computing.

New York Times News Service