The Washington Post has disclosed a significant cyberattack targeting its email system, resulting in the compromise of several journalists’ Microsoft email accounts. The breach was discovered on the Thursday evening of June 12, 2025, and staff were notified via an internal memo on Sunday, June 15, 2025. The memo, signed by Executive Editor Matt Murray, described the breach as a “possible targeted unauthorized intrusion”.
Who Was Targeted
The attack primarily affected journalists covering national security and economic policy, with a notable focus on those reporting on China. The number of compromised accounts appears limited, and the affected journalists were notified directly by management. The breach did not appear to impact other Post systems or its customers.
Nature and Scope of the Breach
The hackers gained access to the contents of the journalists’ work emails, including sent and received messages. The intrusion targeted Microsoft accounts, a common platform for advanced persistent threats (APTs) and state-sponsored actors. The Washington Post responded by forcing a reset of login credentials for all employees and bringing in a forensic cybersecurity team to investigate.
Suspected Perpetrators
Early indications suggest the attack may have been orchestrated by a foreign government, with several sources pointing to the possibility of Chinese state-sponsored hackers, given the focus on journalists covering China and the use of tactics seen in previous campaigns against media and government agencies. However, as of the latest updates, the identity of the perpetrators remains unconfirmed, and the investigation is ongoing.
Security and Industry Context
The breach is part of a broader trend of cyberattacks targeting journalists and media organizations, especially those reporting on sensitive geopolitical topics. Previous high-profile attacks have exploited vulnerabilities in Microsoft Exchange and targeted similar organizations for intelligence-gathering purposes.
The Washington Post emphasized that its reporters often use encrypted messaging and secure internal platforms for sensitive communications, reducing the potential impact of email-based breaches.
