Hackers linked to China have accessed email accounts of Western government agencies and organisations in a cyberespionage campaign, Microsoft has said.
White House National Security Advisor Jake Sullivan appeared to confirm the allegations on Wednesday, saying that the United States had detected a breach of federal government accounts “fairly rapidly” and is investigating the matter.
Keep readinglist of 3 items
But China rejected the accusations, calling the US the “world’s biggest hacking empire and global cyber thief”.
“It is high time that the US explained its cyberattack activities and stopped spreading disinformation to deflect public attention,” Chinese Foreign Ministry spokesperson Wang Wenbin told reporters on Wednesday.
Microsoft had said early on Wednesday that the hacking group, dubbed Storm-0558, forged digital authentication tokens to access webmail accounts running on its Outlook service. The activity began in May.
“As with any observed nation-state actor activity, Microsoft has contacted all targeted or compromised organizations directly via their tenant admins and provided them with important information to help them investigate and respond,” the company said in a statement.
It added that the “adversary is focused on espionage”, including gaining access to emails for intelligence collection.
Microsoft did not specify which organisations or governments had been affected, but it said the hacking group involved primarily targets entities in Western Europe.
The company said it was working with the US Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency to “protect affected customers and address the issue”.
White House National Security Council spokesman Adam Hodge said an intrusion in Microsoft’s cloud security had “affected unclassified systems”, without elaborating.
“Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” Hodge was quoted as saying by the Reuters news agency.
The US Department of State similarly said on Wednesday that it had detected “anomalous activity” and took immediate steps to secure its computer systems.
The department “will continue to closely monitor and quickly respond to any further activity”, a spokesperson told Reuters by email, without mentioning China.
Earlier this year, the State Department warned against possible Chinese cyber activities. “The US intelligence community assesses that China almost certainly is capable of launching cyberattacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines and rail systems,” State Department spokesperson Matthew Miller said in May.
The issue risks renewing tensions between Washington and Beijing after visits by top US officials to China. The two countries are locked in an intensifying economic and geopolitical competition, but US and Chinese leaders stress that they are not seeking confrontation.
US Treasury Secretary Janet Yellen said last week that she held “productive” talks with Chinese officials during a trip to the country, adding that ties between the two nations are on “surer footing” as a result of the dialogue.
China insisted the aircraft, which was eventually shot down by US forces, was a weather balloon that strayed off its course and condemned the decision to bring it down.