A cyberattack has compromised the email accounts of several Washington Post journalists in what’s believed to be a state-sponsored intrusion targeting reporters covering national security and economic policy.

The breach, first reported by The Wall Street Journal, was discovered last Thursday and is under active investigation.

According to an internal memo from Washington Post Executive Editor Matt Murray, the affected accounts belong to a limited number of staff, including those reporting on China.

The attack is suspected to have exploited Microsoft email accounts, potentially giving hackers access to sensitive communications.

Although no specific government has been officially blamed, cybersecurity experts suggest the operation resembles tactics used by nation-state actors, particularly those seeking intelligence on foreign affairs.

Murray said the Post has implemented emergency security measures, including mandatory password resets for all employees. “We do not believe this unauthorised intrusion impacted any additional Post systems or has had any impact for our customers,” he said.

The breach follows a similar incident in 2022 involving The Wall Street Journal’s parent company, News Corp, where hackers reportedly linked to Beijing targeted journalists writing on issues such as Taiwan and China’s Uyghur population.

Journalists are increasingly targeted in espionage campaigns due to their access to high-value sources. Most reporters avoid sending sensitive material via email, opting instead for encrypted messaging tools like Signal.

Microsoft declined to comment on the incident.

The Washington Post has not publicly identified the attackers or confirmed whether any classified or confidential information was accessed. The investigation continues.