Foreign Government Suspected in Washington Post Email System Hack

The Washington Post is investigating a cyberattack that targeted its internal email system, with indications suggesting a foreign government may be responsible. The attack compromised the Microsoft email accounts of several journalists, with a focus on those covering sensitive international issues. The hack was discovered on Thursday evening, and an internal memo was shared with staff on June 15. Executive editor Matt Murray, in the memo, described the incident as a potential targeted unauthorized intrusion and indicated that only a few accounts were impacted. Journalists writing about China, national security, and economic policy were reportedly targeted. These journalists are frequent targets of high-profile hacks by state-sponsored groups, particularly those from China. The attackers exploited vulnerabilities in Microsoft Exchange servers, which have been previously used by advanced persistent threat (APT) groups. Chinese hackers have used Exchange vulnerabilities to breach sensitive systems, including those of U.S. government agencies and NATO members. Microsoft has warned about the risks associated with its Exchange platform, including a dangerous zero-day vulnerability exploited in NTLM relay attacks in 2023. ESET, a cybersecurity company, noted that other groups like APT27, Bronze Butler, and Calypso have exploited zero-day bugs in Exchange for sophisticated spying campaigns. The Washington Post has not released technical details about the hack or identified the suspected origin of the attack. The company is collaborating with cybersecurity specialists to assess the scope of the damage.