Chinese hackers breached US government email accounts, Microsoft and the White House say
Issouf Sanogo/AFP/Getty Images
The US government is conducting an investigation to determine the full extent of the apparent breach of government email accounts, a source familiar with the matter told CNN.
CNN
—
China-based hackers have breached email accounts at two dozen organizations, including some US government agencies, in an apparent espionage campaign aimed at obtaining sensitive information, according to statements from Microsoft and the White House late Tuesday.
The full extent of the hack is being investigated, but US officials and Microsoft have spent the past few weeks quietly trying to assess the impact of the hack and contain the fallout.
“Last month, U.S. government security officials identified an intrusion into Microsoft cloud security that affected unclassified systems,” National Security Council spokesman Adam Hodge said in a statement to CNN.
“Officers immediately contacted Microsoft to determine the source and vulnerability in their cloud service,” Hodge said. “We continue to hold the procurement suppliers of the US government to a high security threshold.”
Hodge did not identify who was behind the hack, but Microsoft executives said in a blog post that the hackers were based in China and focused on espionage.
There is still an “ongoing, active investigation” within the US government to understand the full extent of the hack, a source familiar with the matter told CNN.
US officials have consistently labeled China the most advanced of US adversaries in cyberspace. The FBI has said Beijing has a bigger hacking program than all other governments combined.
China has routinely denied the accusations. The Chinese embassy in Washington, DC, did not immediately respond to a request for comment early Wednesday on the Microsoft findings.
The hacking began in mid-May, when the China-based hackers used a stolen login key to dig into email accounts, according to Microsoft. The tech giant has since blocked the hackers from accessing customer emails using that technique, Microsoft said late Tuesday.