How China’s Devastating Microsoft Hack Puts Us All at Risk
By Matthew Brazil
© Provided by The Daily Beast
During World War II, the Chinese communists cultivated opium in their base area and trafficked it into Japanese-occupied cities. Mao Zedong’s man in charge was one of the biggest master spies of the period, Li Kenong. Though Mao later regretted cultivating the “special product,” which he called “that certain thing,” the drug caused disruption in the enemy rear and benefited the Red-area economy.
Now China seems to be applying the same strategy in the West’s rear area, causing disruptions to online systems and simultaneously benefiting the Chinese economy with viruses and worms used to steal information from computer systems worldwide. The latest simultaneous exploit against thousands of organizations, disclosed on March 2, was dubbed the Microsoft Exchange hack; it targets the servers that manage email systems. The hack allows perpetrators to read the messages of selected targets and then venture deeper into infected networks.
Over 60,000 organizations in the U.S. and at least 280,000 users worldwide using Microsoft Exchange for their email were hacked between Feb. 26 and March 3, according to Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency. The organizations include defense contractors, universities, state and local governments, policy think tanks, infectious disease researchers, and businesses: anyone who chose to use Microsoft Exchange for their email service.
This is the real deal. If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03. Check for 8 character aspx files in C:\inetpub\wwwroot\aspnet_client\system_web. If you get a hit on that search, you’re now in incident response mode. https://t.co/865Q8cc1Rm
— Chris Krebs (@C_C_Krebs) March 5, 2021
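The check Krebs describes, written out as a defender-side script. This is an added example, not part of the article or of Krebs's post; it assumes PowerShell 5.1 on the Exchange host, takes the directory and the Feb. 26 to March 3 window from the text above, and writes its report to an assumed path under $env:TEMP.

```powershell
# Added example: list .aspx files with an 8-character base name in the directory
# named in the tweet, and flag those last written inside the compromise window the
# article gives. Directory and window come from the page; $ReportPath is assumed.
$WebShellDir = 'C:\inetpub\wwwroot\aspnet_client\system_web'
$WindowStart = [datetime]'2021-02-26'
$WindowEnd   = ([datetime]'2021-03-03').AddDays(1)   # makes March 3 inclusive
$ReportPath  = Join-Path $env:TEMP 'exchange-aspx-check.csv'

if (-not (Test-Path -LiteralPath $WebShellDir)) {
    Write-Output "Directory not present: $WebShellDir (not an IIS/Exchange host, or a non-default path)"
    return
}

# Timestamps can be altered by an intruder, so InWindow is a hint for triage,
# not proof either way; the file's presence is the indicator that matters.
$hits = Get-ChildItem -LiteralPath $WebShellDir -Filter '*.aspx' -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.BaseName.Length -eq 8 } |
    ForEach-Object {
        [PSCustomObject]@{
            Path          = $_.FullName
            CreationTime  = $_.CreationTime
            LastWriteTime = $_.LastWriteTime
            SizeBytes     = $_.Length
            SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            InWindow      = ($_.LastWriteTime -ge $WindowStart -and $_.LastWriteTime -lt $WindowEnd)
        }
    }

if ($hits) {
    $hits | Sort-Object LastWriteTime | Format-Table -AutoSize
    $hits | Export-Csv -LiteralPath $ReportPath -NoTypeInformation
    Write-Output "Suspicious files found. Preserve them and the IIS logs before changing anything; report saved to $ReportPath"
} else {
    Write-Output "No 8-character .aspx files found under $WebShellDir"
}
```

A hit means incident response, as the tweet says: record the hashes and timestamps the report captures and hand them to the responders rather than deleting the files.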
The unidentified organization behind the hack, assessed by Microsoft to be a Chinese state-sponsored entity, is known by the code name HAFNIUM. The hack has enabled unauthorized access to entire email systems and follow-on access to connected databases that store classified information, trade secrets, the wide range of other proprietary…