Suspected China Hack of Microsoft Shows Signs of Prior Reconnaissance

Microsoft Corp. and U.S. government officials are still working to understand how a network of suspected Chinese hacking groups carried out an unusually indiscriminate and far-reaching cyberattack on Microsoft email software, more than a month after the discovery of an operation that rendered hundreds of thousands of small businesses, schools and other organizations vulnerable to intrusion.

A leading theory has emerged in recent weeks, according to people familiar with the matter: The suspected Chinese hackers mined troves of personal information acquired beforehand to carry out the attack.

Such a method, if confirmed, could realize long-held fears about the national security consequences of Beijing’s prior massive data thefts. And it would suggest the hackers had a higher degree of planning and sophistication than previously understood.

“We face sophisticated adversaries who, we know, have collected large amounts of passwords and personal information in their successful hacks,” said Anne Neuberger, President Biden’s deputy national security adviser for cyber and emerging technology. “Their potential ability to operationalize that information at scale is a significant concern.”

Soon after the hack on computer systems using Microsoft Exchange Server was discovered in March, senior national security officials in the Biden administration recognized it as a major international cybersecurity problem.