
U.S. Government Emails Hacked in Suspected Chinese Espionage Campaign

By Dustin Volz, Robert McMillan and Warren P. Strobel

Updated July 12, 2023 12:34 am ET

Hack is seen as part of a suspected cyber-espionage campaign to access data in sensitive computer networks

Microsoft said hackers took advantage of a security weakness in its cloud-computing environment that has now been mitigated.

Photo: TINGSHU WANG/REUTERS

Hackers linked to China breached email accounts at more than two dozen organizations including some U.S. government agencies, officials and Microsoft researchers said, part of a suspected cyber-espionage campaign to access data in sensitive computer networks.

The new penetration has prompted alarm among some officials and security researchers and is being viewed as part of an espionage campaign that potentially compromised valuable information belonging to the U.S. government, according to people familiar with the matter. Senior Western intelligence officials have grown increasingly worried in recent years about the ability of Chinese hackers to orchestrate especially impressive and stealthy attacks that in some cases have been able to evade detection for years.

“Last month, U.S. government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems. Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” Adam Hodge, spokesman for the White House National Security Council, said. “We continue to hold the procurement providers of the U.S. government to a high security threshold.”

The full scope and severity of the incident, and which institutions and individuals were hacked, couldn’t be learned late Tuesday.

China has routinely denied hacking U.S. organizations and has accused the U.S. and its allies of targeting Chinese networks. China’s Washington embassy didn’t respond to emails requesting comment on Tuesday.

The hackers, dubbed Storm-0558 by Microsoft, broke into email accounts at about 25 organizations and hit consumer accounts that were likely linked to these entities, Microsoft said in a blog post published late Tuesday. The hackers took advantage of a security weakness in Microsoft’s cloud-computing environment that has now been mitigated, the company said.

“We have been working with the impacted customers and notifying them prior to going public with further details,” Microsoft said in its blog post. 

The hackers gained access to victims’ email beginning on May 15 and operated in stealth for more than a month, until June 16, when Microsoft began its investigation, the company said. 

U.S. cyber investigators within the Biden administration were still working to determine the potential severity of the hacking campaign. While significant, it appeared to be far narrower—and more targeted—than a Russian intelligence operation discovered in 2020 that weaponized software from a U.S. company called SolarWinds to breach a wide raft of federal agencies and corporate networks, a person familiar with the matter said. Still, the incident was serious enough to trigger a recent briefing for congressional staff by the Biden administration, the person said.

The Biden administration has been working to ease tensions with Beijing following a series of confrontations in recent months, including over Taiwan, the Ukraine war, the U.S. discovery and shooting down of what it said was a Chinese surveillance balloon and revelations of increased Chinese intelligence cooperation with Cuba. Treasury Secretary Janet Yellen’s visit to China last week to discuss economic relations was the second by a top Biden administration cabinet member in less than a month, following Secretary of State Antony Blinken’s trip there in June.

Over the past year, China-linked hackers have displayed a new level of ingenuity in targeting widely used devices from well-known brands on the edge of corporate networks to get a foothold, according to researchers at Google, a part of Alphabet.

“We’re seeing some new victims; we’re seeing the exploitation of different technologies,” said Charles Carmakal, chief technology officer with Google’s Mandiant group.

The hackers in the latest attack gained access to email systems without authorization by forging digital tokens, used to authenticate users on the internet, Microsoft said. 

Based on Microsoft’s description of the hack, the technique appears to have been “very advanced,” Carmakal said. “When you use something like this on individuals, they are probably very high-value targets,” he said.

Senior U.S. officials have long viewed Beijing as a top cyber-espionage threat and for years have been alarmed at Chinese hacking groups’ success in compromising military targets and defense contractors to steal advanced military technology. U.S. intelligence agencies have observed improving tradecraft from hackers suspected of working on behalf of the Chinese Communist Party. In an annual worldwide threat assessment published earlier this year, U.S. intelligence officials said China “probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. government and private-sector networks.”

