Suspected Chinese hackers may have breached Microsoft by mining personal data obtained beforehand
2021-04-08 10:32:06

Microsoft and U.S. government officials are still trying to figure out how a suspected Chinese hacker group carried out a far-reaching cyberattack against Microsoft e-mail software.

A leading theory that has emerged in recent weeks is that the suspected Chinese hackers conducted the cyberattack by mining large amounts of personal information acquired in advance, according to people familiar with the matter.

Shortly after the U.S. discovered the hack of computer systems running Microsoft Exchange Server in March, senior national security officials in the Biden administration recognized that it was a major international cybersecurity issue.

The White House formed an interagency working group, named the Unified Coordination Group (UCG), which included private sector members such as Microsoft and cybersecurity firms, to quickly share information and develop security patches for affected Exchange Server customers.

Anne Neuberger, deputy national security adviser to President Biden for cyber and emerging technologies, said the ability of hackers to exploit previously collected data is a big concern.

Another theory currently under investigation is that the hackers sifted through social media platforms such as LinkedIn to pick out the email accounts of system administrators, and could then have used those accounts in the cyberattack.

A third theory is that the hackers may simply have been lucky, using the default administrator email address to compromise the system.

Microsoft and other security firms have publicly linked the hack of Exchange Server to groups believed to be based in China. The Biden administration has not publicly attributed the attack to any group, and China has denied any involvement.

Speculation quickly emerged that the hackers relied on personal information (possibly mined in previous hacks or gathered from publicly available social media platforms such as LinkedIn).

There are a lot of potential victims. On March 9, cybersecurity firm Palo Alto Networks said it had found 125,000 unpatched, potentially vulnerable Exchange systems. By April 1, more than 90% of Microsoft customers had applied patches to fix their systems, senior Microsoft official Tom Burt said.

According to Symantec, the security arm of Broadcom Inc., China-based hackers breached a total of up to 20,000 servers. But Mr. Burt said no one could know the full scope of the hack because Microsoft has limited access to Exchange Server data.

Source: https://www.wsj.com/articles/suspected-china-hack-of-microsoft-shows-signs-of-prior-reconnaissance-11617800400
