Foreign hackers compromise Washington Post security reporters

Chinese state-sponsored hackers compromised Microsoft email accounts of Washington Post reporters covering national security and China on Jun. 12, 2025.

Mandiant cybersecurity firm attributed the attack to actors with a China nexus involved in espionage to benefit Chinese interests.

The breach specifically targeted journalists covering sensitive foreign affairs beats, including investigations into Chinese global influence and intelligence operations.

Executive Editor Matt Murray ordered immediate credential resets for all employees and notified affected journalists.

The attack used techniques consistent with APT31, a Chinese Ministry of State Security-linked group that sent over 10,000 malicious emails impersonating media outlets since 2010.

Salt Typhoon, a related Chinese hacking operation, compromised at least nine major U.S. telecom providers in what experts call the most significant cyber espionage campaign in history.

CISA recommends highly targeted individuals including journalists use end-to-end encrypted tools like Signal due to ongoing Chinese surveillance threats.