LONDON, July 12 (Reuters) – Chinese state-linked hackers have secretly accessed email accounts at around 25 organisations including government agencies in a sweeping cyberespionage campaign, Microsoft said on Wednesday.
In an interview with ABC television, White House national security adviser Jake Sullivan said the United States had detected a breach of federal government accounts “fairly rapidly” and had managed to prevent further breaches.
The hacking group, which Microsoft (MSFT.O) dubbed Storm-0558, forged digital authentication tokens to access webmail accounts running on the firm’s Outlook service, Microsoft said in a statement on its website. The activity began in May.
“As with any observed nation-state actor activity, Microsoft has contacted all targeted or compromised organizations directly via their tenant admins and provided them with important information to help them investigate and respond,” the statement added.
Microsoft did not say which organisations or governments had been affected, but added that the hacking group involved primarily targets entities in Western Europe.
White House National Security Council spokesman Adam Hodge said an intrusion in Microsoft’s cloud security had “affected unclassified systems”, without elaborating.
“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” he added.
China’s embassy in London did not immediately respond to an emailed request for comment. Beijing routinely denies involvement in hacking.
Reporting by James Pearson, editing by Ed Osmond, Emelia Sithole-Matarise and Kevin Liffey
Our Standards: The Thomson Reuters Trust Principles.