Loopholes in Microsoft’s email system in Outlook have allowed hackers in Beijing to spy on US interests since the beginning of the year. Before them, it was the Russians who managed to eavesdrop on US government departments. Will there be a new wave of large-scale cyberspace operations to put pressure on the new US president?
There have been at least 30,000 victims in the United States. A computer attack, attributed to Chinese cybercriminals acting on behalf of Beijing, has affected a wide range of organizations, including schools, small businesses, local authorities, law firms, associations and police stations, several US media outlets reported in March.
“It’s massive. We talk about thousands of compromised computers every day,” a former Homeland Security official told Wired. “It’s a huge hack,” Chris Krebs, former head of the Cybersecurity and Infrastructure Security Agency, added on Twitter.
This is a crazy huge hack. The numbers I've heard dwarf what's reported here & by my brother from another mother (@briankrebs). Why, though? Is this a flex in the early days of the Biden admin to test their resolve? Is it an out of control cybercrime gang? Contractors gone wild? pic.twitter.com/cA4lkS4stg
— Chris Krebs (@C_C_Krebs) March 6, 2021
Cyber espionage and more
The operation probably began in early January 2021, according to Volexity, one of the first US cybersecurity companies to identify the threat. Cybercriminals exploited previously unknown vulnerabilities in Outlook Exchange Server, Microsoft’s e-mail service.
The hackers first tried to act discreetly but then attacked from all sides when Microsoft announced on March 3 that patches would be applied to better protect Outlook. Cybercriminals then hacked email servers around the world. They no longer only targeted the United States but also gained access to the European Banking Authority’s mailboxes.
While the software giant managed to tighten the security of its popular email service, much of the damage had been done. “The Chinese are already controlling everything that interests them,” a cybersecurity expert told Wired. In fact, the patches used by Microsoft only protect against future intrusions. Meanwhile, the Chinese hacker group – called Hafnium by Microsoft – can do whatever it wants with the more than 30,000 computers that have already been infected in the United States.
And what do they want? “A priori, this is a classic cyber intelligence business targeting the United States,” Guillaume Tissier, partner at financial intelligence and cyber security firm Avisa Partners, told FRANCE 24.
“They have access to all messages sent within a very large number of organizations, and we know that this is where most sensitive information, such as attachments or even complete contact lists, is found,” Gérôme Billois, a cybersecurity expert at the IT security company Wavestone, said in an interview with FRANCE 24.
These cybercriminals can go even further. “Nothing prevents them from using the information they collect to blackmail victims,” Billois said. This type of attack also has a significant destabilizing effect.
“The cyber groups from companies and all computer security companies in the country will be on the job to identify all victims and clear all traces of this operation,” Tissier said.
“The risk is that in the meantime, vigilance will decrease on other fronts,” Billois added. The White House will hold an emergency meeting of authorities to consider how best to deal with this crisis situation, the Washington Post reported.
“This operation underscores the systemic risk of the cyber threat because it demonstrates the very strong dependence of companies and other structures on a small number of programs,” Billois said. In other words, a flaw in a single widely used program, i.e. Outlook, affects the tens of thousands of companies that rely on it.
The Chinese follow the Russians
It is also the second major computer attack on the United States since Biden’s victory. Before the Outlook hacking, there was the SolarWinds scandal, named after a software vendor that worked with a large number of different US authorities. A flaw in one of its programs allowed hackers, presumably Russian, to spy on US government departments for several weeks.
“The last time the United States was hit by almost simultaneous large-scale attacks from both Russia and China goes back to the beginning of Barack Obama’s second term in 2012,” Billois said. The Chinese cyber threat was one of the key items on the agenda for a US-China summit in 2015.
“What’s happening? Are other powers testing Joe Biden’s determination in the cyber field?” wondered Cancer.
In Billois’s view, it may well be that the Russians and Chinese are trying to gather as much information as possible about the new administration in order to get on the right diplomatic footing with the United States in the Biden era.
They may feel that need in particular given that geopolitical tensions between Washington and the other two great powers are at their highest. Moscow suspects Biden will be less accommodating than his predecessor Donald Trump, while the new president has signaled to Beijing that he will continue to make life difficult for it in terms of trade and technology. In that sense, cyberattacks are also being used “as diplomatic and political weapons,” Tissier said. By clearly showing that they can carry out attacks on American interests, they signal that they are aware of America’s weaknesses and that they are not afraid of a cyber war.
This article was translated from the original in French.