A Chinese-based cyber actor has gained access to email accounts of 25 organizations, including federal agencies, in an attempt to collect intelligence from the U.S., Microsoft said in a report released Tuesday.

The hackers, known as Storm-0558, are “focused on espionage” and gathering intelligence by gaining access to email systems. 

“This type of espionage-motivated adversary seeks to abuse credentials and gain access to data residing in sensitive systems,” Microsoft said. 

The tech giant said it conducted an investigation into the breach and found out that the hackers initially accessed the emails in May. 

Microsoft also said it has been working with impacted customers and has notified them of the breach.

China’s foreign ministry spokesperson said the hack claims were “disinformation” intended to shift attention from U.S. cyberattacks on China, the Associated Press reported. 

“No matter which agency issued this information, it will never change the fact that the United States is the world’s largest hacker empire conducting the most cyber theft,” the spokesperson said in a briefing. 

In May, Microsoft uncovered that a Chinese state-sponsored cyber actor known as Volt Typhoon had been accessing credentials and network systems of critical infrastructure organizations in the U.S., including Guam.

The cyber actor targeted organizations in several sectors, including communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education.

Like Storm-0558, Volt Typhoon also focused on espionage and intelligence gathering.

Sen. Mark Warner (D-Va.), chairman of the Senate Select Committee on Intelligence, said in a statement that his committee is closely monitoring the latest breach. 

“It’s clear that the PRC is steadily improving its cyber collection capabilities directed against the U.S. and our allies,” Warner said.