Pierluigi Paganini June 17, 2025

State-sponsored hackers compromised the email accounts of several journalists working at the Washington Post.

A cyberattack, likely carried out by state-sponsored hackers, compromised the Microsoft email accounts of Washington Post journalists, including reporters covering China and national security.

“A cyberattack on the Washington Post compromised email accounts of several journalists and was potentially the work of a foreign government, company officials told some affected staffers in recent days, according to people familiar with the situation.” reads the report published by The Wall Street Journal.

“Staffers were told the intrusions compromised journalists’ Microsoft accounts and could have granted the intruder access to work emails they sent and received, some of the people said. The reporters targeted include those on the national-security and economic-policy teams, including some who write about China, the people said.”

The cyber attack was discovered on June 13. On June 15, the media outlet informed its staff via memo of the potential compromise of the Microsoft email accounts of a limited number of journalists.  Executive Editor Matt Murray sent the memo to the employees.

The Washington Post reset all employee passwords as a precaution after the intrusion, which didn’t affect other systems or customers.

The Washington Post is a major American daily newspaper based in Washington, D.C. It is one of the most influential and widely read newspapers in the United States, known for its investigative journalism, in-depth political coverage, and reporting on national and international news. Jeff Bezos, the founder of Amazon, acquired it in 2013.

In February 2022, American media and publishing giant News Corp revealed it was a victim of a cyber attack from an advanced persistent threat actor that took place in January.

The attackers compromised one of the systems of the company and had access to emails and documents of some employees.

Initial investigation into the hack revealed that the attack was carried out by a nation-state actor for cyber espionage purposes. News Corp has hired cybersecurity and incident response firm Mandiant, to assist with the investigation. Mandiant researchers speculated the attack was conducted by a China-linked APT group.

“Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China’s interests,” David Wong, vice president of consulting at Mandiant, told Reuters.

News Corp-owned WSJ reported that the attack affected major portion of the new conglomerate, including The Wall Street Journal and New York Post.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Washington Post)