The Washington Post is dealing with a cyberattack that has compromised its internal email system, with suspicions pointing toward the involvement of a foreign government. The attack targeted Microsoft email accounts of several journalists, specifically those covering sensitive international matters. The breach was identified on Thursday evening, and an internal memo was sent to employees on Sunday, June 15th. Executive editor Matt Murray, in the memo, characterized the incident as a potential targeted intrusion and confirmed that a limited number of accounts were affected. Reports suggest that journalists covering topics like China, national security, and economic policy were targeted. These individuals are often the focus of sophisticated cyberattacks launched by state-sponsored groups, particularly those from China. The attacks exploited existing vulnerabilities within Microsoft Exchange servers, which have been repeatedly targeted by advanced persistent threat (APT) groups. In the past, Chinese hackers have used Exchange vulnerabilities to compromise systems, including those of U.S. government agencies and NATO member countries. Microsoft has warned about the risks of its Exchange platform, identifying a dangerous zero-day vulnerability in 2023 that was used in NTLM relay attacks. Cybersecurity firm ESET has also reported that groups like APT27, Bronze Butler, and Calypso have exploited zero-day bugs in Exchange for complex spying operations. The Washington Post has not provided technical details about the recent hack or revealed the suspected origin of the attack. The company is working with cybersecurity experts to determine the extent of the damage.
