By Annabelle Liang
Business reporter
China-based hackers have gained access to the email accounts of around 25 organisations, including government agencies, Microsoft says.
The software giant has not provided details of where the government agencies are based.
However, the US Department of Commerce has confirmed to the BBC that Microsoft notified it about the attack.
Secretary of Commerce Gina Raimondo was among the individuals impacted by the breach, according to reports.
“Microsoft notified the Department of a compromise to Microsoft’s Office 365 system, and the Department took immediate action to respond,” a US Department of Commerce spokesperson told the BBC.
“We are monitoring our systems and will respond promptly should any further activity be detected,” they added.
US media reported that the State Department had also been targeted by the hackers.
The State Department did not immediately respond to a BBC request for comment.
China’s embassy in London told the Reuters news agency that the accusation was “disinformation” and called the US government “the world’s biggest hacking empire and global cyber thief.”
Microsoft said the China-based hacking group – which it refers to as Storm-0558 – had accessed email accounts by forging digital authentication tokens required by the system. The tokens are typically used to verify a person’s identity.
“Storm-0558 primarily targets government agencies in Western Europe and focuses on espionage, data theft, and credential access,” the firm said.
The company said its investigations found that the breaches began in the middle of May and that it has now “mitigated the attack and have contacted impacted customers.”
“We added substantial automated detections for known indicators of compromise associated with this attack… and we have found no evidence of further access,” it added.
In May, Microsoft and Western spy agencies said Chinese hackers had used “stealthy” malware to attack critical infrastructure on American military bases in Guam.
Experts said it was one of the largest known cyber espionage campaigns against the US.
A key US military outpost, Guam’s ports and air bases would be crucial to any Western response to a conflict in Asia.
Beijing called the Microsoft report “highly unprofessional” and “disinformation”.
China routinely denies involvement in hacking operations regardless of the available evidence or context.