Microsoft says Chinese hackers gained access to government email accounts

Microsoft revealed Tuesday night that Chinese hackers intent on gathering intelligence on the United States gained access to government email accounts.

in blog post, Microsoft said about 25 organizations, including government agencies, were hacked by the hacking group, which used fake authentication codes to access individual email accounts. Microsoft said the hackers had access to some accounts for at least a month before the breach was discovered. It did not identify the affected organizations and agencies.

The new hack does not appear to be of the same magnitude as the largest known breach recently, the Russia breach of government computers in 2019 and 2020 known as the SolarWinds hack. Microsoft officials said the new breach involved far fewer email accounts and did not go deep into the targeted systems.

It does not appear that the hackers gained access to the secret networks. However, having access to government email for a month before it was discovered could allow hackers to learn information useful to the Chinese government and its intelligence services.

“We assess that this discount focuses on espionage, such as accessing email systems to gather intelligence,” Charlie Bell, executive vice president of Microsoft, wrote in the blog post. “This type of adversary, motivated by espionage, seeks to misuse credentials and gain access to data on sensitive systems.”

The hack could further strain relations between China and the United States, even as the Biden administration seeks to calm tensions that have been exacerbated in recent months by several incidents including the crossing of a Chinese spy balloon across the United States.

It could also add to criticism that the Biden administration is not doing enough to deter Chinese espionage. Clive Sims, a former spokesman for the Trump administration’s director of national intelligence, said China was encouraged that President Biden did not confront Beijing about its attempts to influence the recent election.

“We need to have some serious conversations about how much hacking we’re going to tolerate before we take action,” said Mr. Sims.

In the blog post, Mr. Bell said that people affected by the hack have been notified and that the company has completed efforts to mitigate the attack.

Earlier on Tuesday, hours before Microsoft’s announcement, representatives of various intelligence and national security agencies said they were not aware of reports of Chinese interference. A spokeswoman for the National Security Council did not immediately respond to a request for comment on Tuesday night.

But Microsoft said the information customers reported alerted them to the break-in and the settlement on June 16. The company blog said the Chinese hacking group began accessing email accounts a month ago, on May 15.

Microsoft has not said how many accounts it believes have been compromised by Chinese hackers, nor has it said if it has an assessment of the information obtained.

China has one of the most aggressive and capable intelligence hacking operations in the world.

Beijing has, over the years, carried out a series of hacks that have successfully stolen massive amounts of government data. In 2015, a data breach apparently by hackers affiliated with the Chinese Foreign Spy Service stole vast numbers of records from the Office of Personnel Management.

In the SolarWinds hack, which occurred during the Trump administration, Russian intelligence agencies used a software vulnerability to gain access to thousands of computer systems, including many government agencies. The hack is named after network management software that Russian intelligence agencies used to gain access to computers around the world.