Chinese hackers breached US government email accounts, Microsoft and White House say

CNN —
China-based hackers have breached email accounts at two-dozen organizations, including some United States government agencies, in an apparent spying campaign aimed at acquiring sensitive information, according to statements from Microsoft and the White House late Tuesday.
The full scope of the hack is being investigated, but US officials and Microsoft have been quietly scrambling in recent weeks to assess the impact of the hack and contain the fallout.
The federal agency where the Chinese hackers were first detected was the State Department, a person familiar with the matter told CNN. The State Department then reported the suspicious activity to Microsoft, the person said.
The Chinese hackers were detected targeting a small number of federal agencies and just a handful of officials’ email accounts at each agency in a hack aimed at specific officials, multiple sources familiar with the investigation told CNN.
The hackers successfully breached at least two executive branch agencies, including the State Department, multiple sources familiar with the investigation said. The hackers also targeted an agency on Capitol Hill but it was unclear if they were successful in breaching that agency, two sources familiar with the matter told CNN.
US Capitol Police declined to comment, referring CNN to the FBI.
“Last month, US government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems,” National Security Council spokesperson Adam Hodge said in a statement to CNN.
“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” Hodge said. “We continue to hold the procurement providers of the US Government to a high security threshold.”
The State Department “detected anomalous activity, took immediate steps to secure our systems, and will continue to closely monitor and quickly respond to any further activity,” a department spokesperson said on Wednesday.
Hodge did not identify who was behind the hack, but Microsoft executives said in a blog post that the hackers were based in China and focused on espionage.
There is still an “ongoing, active investigation” in the US government to understand the full scope of the hack, a source familiar with the matter told CNN.
US officials have consistently labeled China as the most advanced of US adversaries in cyberspace. The FBI has said Beijing has a larger hacking program than all other governments combined.
China has routinely denied the allegations. The Chinese Embassy in Washington, D.C., did not immediately respond to a request for comment early Wednesday on the Microsoft findings.
The hacking began in mid-May, when the China-based hackers used a stolen sign-in key to burrow their way into email accounts, according to Microsoft. The tech giant has since blocked the hackers from accessing customer emails using that technique, Microsoft said late Tuesday.
This story has been updated with additional information.