Washington Post Email System Breached in Suspected State-Sponsored Cyberattack

The Washington Post’s internal email system has been compromised in a cyberattack, believed to be orchestrated by a foreign government. The hack targeted the Microsoft email accounts of several journalists, with initial assessments indicating a focused attack on reporters covering critical international topics. The breach was detected on Thursday evening, and an internal memo was disseminated to staff on Sunday, June 15. Executive editor Matt Murray, in the memo, described the incident as a potential unauthorized intrusion, emphasizing that only a limited number of accounts were affected. Reports suggest that journalists focusing on national security, economic policy, and China-related matters were specifically targeted. These individuals are often prime targets for high-value hacks by state-sponsored groups, including those linked to China. Microsoft Exchange servers have been repeatedly exploited due to existing vulnerabilities. Chinese hackers, in the past, have leveraged Exchange vulnerabilities to infiltrate numerous sensitive systems, such as those belonging to U.S. government agencies and NATO member countries. Microsoft has previously warned about the dangers associated with its Exchange platform, including a critical zero-day vulnerability discovered in 2023, which was exploited in NTLM relay attacks. Cybersecurity firm ESET has identified other threat groups, like APT27, Bronze Butler, and Calypso, that have used zero-day bugs in Exchange for sophisticated spying operations. The Washington Post has not released specific technical details about the recent hack, nor has it identified the suspected origin of the attack. The company is collaborating with cybersecurity experts and conducting investigations to evaluate the extent of the damage.