China and Russia cyberattacks mean enterprises must remain vigilant
- Following a series of attacks by Russia, businesses and government agencies in the US that use a Microsoft email service have been hacked by the Chinese.
- Officials have yet to fully grasp the extent and sophistication of both Russia’s and China’s latest efforts.
Cyberspace has become a full-blown war zone as state-sanctioned hackers across the globe clash for digital supremacy in a new, mostly invisible theater of operations. In fact, cyber-espionage campaigns are becoming a key weapon for governments seeking to defend national sovereignty and project national power. The most recent SolarWinds and Hafnium attacks, by Russia and China respectively, simply reflect the fragility of modern networks and the sophistication of state-sponsored hackers.
Hacking and disinformation campaigns linked to Russia and China have stepped up significantly since the Covid-19 pandemic became widespread, heightening alarm over cyber threats that democratic nations can sometimes be ill-equipped to handle. Although nation-states spying on each other is pretty common knowledge these days, the extent and sophistication of these insidious Russia and China cyberwarfare campaigns are still baffling.
The immediate impact of both shows just how tricky it can be to take the full measure of a campaign even after it has been detected. In fact, officials are still struggling to understand how the latest breach compares with last year’s intrusion into a variety of federal agencies and corporate systems by Russian hackers.
The attacks with far-reaching consequences
It is becoming more apparent that the hacking that Microsoft has attributed to Beijing poses many of the same challenges as the SolarWinds attack conducted by the Russians, although the targets and the methodology are significantly different. In the SolarWinds incident, the Russian hackers planted code in an update of the SolarWinds network management software. While about 18,000 customers of the company downloaded the code, so far there is only evidence that the Russian hackers stole material from nine government agencies and roughly 100 companies.
And even more recently, the major Microsoft Exchange Server intrusion has been attributed to the Chinese, with estimates that 30,000 or so customers were affected when the hackers exploited holes in Exchange, a mail and calendar server created by the iconic tech stalwart.
Microsoft said in a blog post that those systems are used by a broad range of customers, from small businesses to local and state governments and some military contractors. The hackers were able to steal emails and install malware to continue surveillance of targeted accounts, but Microsoft said it had no sense of how extensive the theft was.
The hackers had stealthily attacked several targets in January before a cybersecurity firm discovered the hack, but the bad actors escalated their efforts in recent weeks as Microsoft moved to repair the vulnerabilities exploited in the attack. The state-backed group that Microsoft calls Hafnium has been using multiple zero-day exploits — which attack previously unknown vulnerabilities in software — to break into Exchange Servers, which manage email clients including Outlook. There, they could surreptitiously read through the email accounts of high-value targets.
US National Security Adviser Jake Sullivan said on Twitter that the White House was “closely tracking” the reports that the vulnerabilities in Microsoft Exchange were being used in “potential compromises of U.S. think tanks and defense industrial base entities.” Since the attack, Microsoft has released patches that will protect anyone using Exchange Server from the assault. But experts reckon that it’s only a matter of time before other hackers reverse engineer the fix to figure out how to exploit the vulnerabilities themselves.
A report quoting Jim McMurry, founder of the Southern California cybersecurity monitoring service Milton Security Group Inc., stated that smaller organizations are “struggling already due to Covid shutdowns — this exacerbates an already bad situation. I know from working with a few customers that this is consuming a great deal of time to track down, clean, and ensure they were not affected outside of the initial attack vector,” he said.
McMurry said the issue is “very bad” but added that the damage should be mitigated somewhat by the fact that “this was patchable, it was fixable.” Either way, the attacks were so successful and so rapid that the hackers appear to have found a way to automate the process.