Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government.

The incident was discovered on Thursday evening and the publication started an investigation. On Sunday, June 15, an internal memo was sent to employees, informing them of a “possible targeted unauthorized intrusion into their email system.”

According to The Wall Street Journal, the memo was signed by Executive Editor Matt Murray and said that the Microsoft accounts of a limited number of journalists were affected.

Owned by Amazon founder Jeff Bezos, The Washington Post is one of the most influential newspaper publications in the United States.

Internal sources told The Wall Street Journal that the attack targeted journalists writing on national security and economic policy topics, as well as some who write about China.

Advanced persistent threats (APTs), or state-sponsored actors, often target email systems like Microsoft Exchange. Two years ago, Chinese hackers leveraged insecure Exchange endpoints to breach email accounts of two dozen government agencies globally, accessing extremely sensitive and confidential data.

Chinese threat groups have a long history of exploiting Exchange vulnerabilities in highly organized campaigns. They targeted U.S. government agencies in 2020, and multiple NATO members in 2021.

Last year, Microsoft warned that hackers were exploiting a critical privilege elevation bug in Exchange as a zero-day to perform NTLM relay attacks.

Cybersecurity company ESET also discovered in 2021 that multiple Chinese threat groups, including APT27, Bronze Butler, and Calypso, were exploiting zero-day vulnerabilities in Microsoft Exchange.

The Washington Post has not publicly shared any details about the attack.
