Cyberattack compromises email accounts of Washington Post journalists

A cyberattack believed to have been orchestrated by a foreign government has compromised the email accounts of several journalists at The Washington Post, the newspaper confirmed in an internal memo circulated to staff on Sunday, June 15.

The breach was initially discovered on Thursday evening, prompting the launch of an internal investigation. Executive Editor Matt Murray informed employees of the suspected intrusion, describing it as a "possible targeted unauthorized intrusion into their email system." The memo indicated that the Microsoft email accounts of a limited number of journalists had been affected.

According to internal sources cited by The Wall Street Journal, the attack primarily targeted reporters covering national security and economic policy, as well as those reporting on China. The specificity of the targets has raised concerns about the involvement of a nation-state actor engaging in espionage or information gathering.

Owned by Amazon founder Jeff Bezos, The Washington Post is one of the most prominent newspapers in the United States and holds significant influence in political and international reporting.

While the publication has not publicly released technical details about the breach, the nature of the attack aligns with known tactics used by advanced persistent threats (APTs)—highly sophisticated cyber operations typically backed by national governments. These threat actors have previously exploited vulnerabilities in Microsoft Exchange systems to access sensitive data.

In 2021, Chinese state-affiliated hacking groups exploited zero-day vulnerabilities in Microsoft Exchange to breach dozens of organizations, including government agencies and private firms. Threat groups such as APT27, Bronze Butler, and Calypso have been linked to these operations, which have drawn scrutiny from cybersecurity experts and international regulators.

Microsoft itself has issued multiple warnings in recent years about critical Exchange vulnerabilities. One of the most concerning was a privilege escalation flaw used in NTLM relay attacks—an issue that has been leveraged in various campaigns to gain unauthorized access to secure networks.

As of now, The Washington Post has not disclosed the scope of the breach or whether any data was extracted. The investigation is ongoing, and it remains unclear which foreign government is believed to be behind the attack.