China is suspected in the Microsoft Exchange hack that occurred in January. (Source: NPR)

China’s Hack of Microsoft Exchange Servers May Go Beyond Russia’s Solarwinds Breach

If you are a regular listener to NPR, or National Public Radio, then you know how thoroughly they tell their stories. They are known for shows that dig deep and relay pieces of information the mainstream media stays away from.

One story NPR spent months on zeroed in on a huge data hack of Microsoft Exchange that took place back in January of 2021.

Both the White House and Microsoft have said unequivocally that Chinese government-backed hackers are to blame. The White House convened a task force because of the seriousness of the breach.

NPR’s months-long examination of the attack — based on interviews with dozens of players from company officials to cyber forensics experts to U.S. intelligence officials — found that stealing emails and intellectual property may only have been the beginning. Officials believe that the breach was in the service of something bigger: China’s artificial intelligence ambitions. The Beijing leadership aims to lead the world in a technology that allows computers to perform tasks that traditionally required human intelligence — such as finding patterns and recognizing speech or faces.

This hack went pretty much the way other huge hacks have gone. Dina Temple-Raston authored a detailed article outlining it. But the short explanation is this: China has a lot of state-sponsored hacking buddies, just like Russia. However, China does not just go for the money; it goes for the data, and in a big way. This hack went on for months before it was discovered and corrected.

The Microsoft Exchange hack was the latest in a long list of Chinese-sponsored cyberattacks. The tally in the four years between 2014 and 2018 is head-spinning. There was the Office of Personnel Management attack in which hackers spent some time in OPM networks and then whisked away 21.5 million records from the federal government’s background investigation database.

There was also a breach at the health care insurer Anthem Inc., in which cyber thieves swiped 78 million names, birth dates, and Social Security numbers. Two years after that, credit reporting agency Equifax Inc. announced that hackers stole the credit information of 147.9 million Americans. Then there was the break-in at Marriott’s Starwood hotels. In 2018, Starwood announced that someone had cracked into its reservations database and stolen reservation, credit card, passport and other travel information from some 500 million people.

U.S. officials said Beijing-backed hackers were behind every one of those attacks.

“If you look, just look at the Equifax breach alone, which I consider one of the greatest counterintelligence successes by the Chinese Communist Party, they have all the financial data for every single American adult,” said William Evanina, former director of the National Counterintelligence and Security Center. “The Chinese have more data than we have on ourselves.”

Yes, if you are reading this article, then your information has, in all likelihood, already been siphoned into Chinese data repositories, either in the cloud or on-premises, for quite some time. Just relax. You are only part of the 80% of Americans whose data China has vacuumed up.

Hack Hunters Adair and Burt

Steve Adair was the first person called in by Microsoft to find out who, how, and when this massive data breach took place. Adair is the founder of a cybersecurity company called Volexity, and he runs traps to corner intruders all the time. So he took a quick look at a server his client was using to run Microsoft Exchange and was stunned to “see requests that we’re not expecting,” he said. There were requests for access to specific email accounts, requests for confidential files.

Tom Burt is the man who runs the Digital Crimes Unit of Microsoft. He identifies a group called Hafnium as the culprit for this hack.

The second step of the hack was a bit more perplexing. The attackers seemed to have a weirdly specific piece of data ready to deploy: the exact email addresses of various people running Exchange servers around the world.

That struck Burt as odd, because those email addresses “would be different for every single company and organization around the world,” he said. “And that’s not public information. So when we looked at this we thought: How is this happening?”

Exploitation spread widely before a patch could be released. The story highlights the lack of security that has victimized millions of Americans.