Business

Microsoft’s alleged Chinese hack shows signs of prior reconnaissance

Microsoft Co., Ltd.

And U.S. government officials are still working to understand how a network of suspicious Chinese hacking groups has implemented an unusually indiscriminate and widespread method. Cyber ​​attacks on Microsoft email softwareMore than a month has passed since the discovery of operations that make hundreds of thousands of small businesses, schools, and other organizations vulnerable to intrusion.

According to people familiar with this issue, a major theory has emerged in the last few weeks. A Chinese hacker has mined a pile of pre-obtained personal information to carry out the attack.

Once such a method is identified, it can realize long-standing fears of the impact of Beijing’s previous massive data theft on national security. And that suggests that hackers had a higher degree of planning and sophistication than previously understood.

Anne Neuberger, President Biden’s Deputy National Security Adviser for Cyber ​​and Emerging Technologies, said: “The potential ability to operate that information on a large scale is an important concern.”

Shortly after the discovery of a computer system hack using Microsoft Exchange Server in March, the Biden administration’s senior national security authorities recognized it as a major international cybersecurity issue.

Anne Neuberger, President Biden’s Deputy National Security Adviser for Cyber ​​and Emerging Technologies, said the ability of hackers to use previously collected data is a serious concern.


Photo:

Drew Angeler / Getty Images

The White House has formed an inter-ministerial task force that includes private partners such as Redmond, Washington, high-tech giants, and cybersecurity companies to quickly share information and develop security patches for affected Exchange Server customers. Did.

Among the potential sources of personal data is China’s vast archive of billions of personal records that hackers may have stolen over the last decade. According to people familiar with the matter, hackers may have dug it up and found an email account that needed to be used to break into the target.

Another theory under investigation: Hackers have scanned social media sites such as LinkedIn to identify email accounts that are likely to be used in attacks because they are dealing with system administrators. Third: The hacker could have just been lucky to break into the system using the default administrator email address.

Attack on Exchange Server system I started sneaking slowly According to cybersecurity officials and analysts, a hacking group called Hafnium was launched in early January, targeting infectious disease researchers, law firms and universities in the past. Operational tempo is dramatic as other China-linked hacking groups have been involved in infecting thousands of servers and Microsoft scrambled to send software patches to customers in early March. Has risen to.

Microsoft and other security companies have publicly linked Exchange Server attacks to a group that appears to be based in China. The Biden administration has not publicly attributed the hack to any group, and China has denied involvement.

However, officials within Microsoft and the Biden administration continue to be confused about how suspicious Chinese actors were able to quickly succeed in such a global business, said Tom, vice president of customer security and trust at Microsoft.・ Bert said in an interview.

An attacker exploited a previously unknown set of bugs to break into an Exchange Server system and target users on a variety of systems. But to do that, hackers had to know the email account of the system administrator for each network, Bart said.

The theory quickly relies on personal information that leads to system administrator email account names, whether hackers were mined in previous hacks or obtained from public social media sites such as LinkedIn. It became clear to.

“It could be due to a large hack of big datasets, and there could be a large team of people focused on conducting social research to build these datasets. There is also, “says Bart. “Do you know?”

In 2015, the Obama administration discovered that hackers are linked to China Violated the U.S. Human Resources Department, The Human Resources Department of the United States Federal Government. Hackers have stolen millions of government background checks dating back 20 years to obtain detailed information about current and former US government officials and their families.

Beijing is also involved in hacking scores for a vast database of personal information from US and foreign companies. such as

Marriott International Co., Ltd.

And credit bureau

Equifax Co., Ltd.

In addition, many Exchange Server systems use the network domain name after the default administrator account “administrator @” to create another path for hackers to exploit.

As the code used in the Exchange Server attack was released, security experts and U.S. authorities urgently warned criminals to use the code in the second wave of cyberattacks.

However, according to investigators, the feared wave of attacks was not as serious as expected. These hackers are likely to have lost access to their personal information, adding credibility to the cybersecurity authorities’ theory that Chinese hackers may have used additional information.

The number of potential victims was enormous. March 9, cyber security company

Palo Alto Networks Co., Ltd.

He said he identified 125,000 unpatched potentially vulnerable Exchange systems. By April 1, more than 90% of Microsoft customers had patched their systems to address the vulnerabilities used in the attack, according to Bert.

Share your thoughts

What steps should the federal government take in response to a cyberattack? Join the conversation below.

Over the past month, Microsoft has urged customers to install security patches and released over 25 patch blizzards covering different versions of Exchange. At the request of the Biden administration’s task force, the company has also simplified the customer update process and released a “one-click patch” option. Bert and colleagues said at the meeting they discussed the possibility of how the attack was carried out without reaching consensus on any theory.

According to the company, it is estimated that hackers linked to China broke into a total of 20,000 servers.

Symantec,

Security department

Broadcom Co., Ltd.

However, Microsoft has limited access to data about Exchange servers running in the customer’s data center, so it may not be possible to see the full extent of the attack, Bart said.

Write to Dustin Voltz dustin.volz@wsj.com And at Robert McMillan Robert.Mcmillan@wsj.com

Copyright © 2020 DowJones & Company, Inc. all rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

Microsoft’s alleged Chinese hack shows signs of prior reconnaissance

Source link Microsoft’s alleged Chinese hack shows signs of prior reconnaissance

Back to top button