Loopholes in Microsoft’s Outlook email system have enabled hackers in Beijing to spy on American interests since the beginning of the year. Before them, it was the Russians who managed to eavesdrop on US government departments. Will there be a new wave of large-scale operations in cyberspace to put pressure on the new American president?
There have been at least 30,000 victims in the United States. A computer attack, attributed to Chinese cybercriminals acting on behalf of Beijing, has affected a wide range of organisations, including schools, small businesses, local government agencies, law firms, associations and police stations, several US media outlets reported in March.
“It’s massive. We’re talking about thousands of compromised computers every day,” a former Homeland Security official told Wired. “It’s an absolutely gigantic hack,” Chris Krebs, former head of the cybersecurity and infrastructure security agency, added on Twitter.
This is a crazy huge hack. The numbers I've heard dwarf what's reported here & by my brother from another mother (@briankrebs). Why, though? Is this a flex in the early days of the Biden admin to test their resolve? Is it an out of control cybercrime gang? Contractors gone wild? pic.twitter.com/cA4lkS4stg
— Chris Krebs (@C_C_Krebs) March 6, 2021
Cyberespionage and more
The operation likely began in early January 2021, according to Volexity, one of the first US cybersecurity companies to identify the threat. Cybercriminals exploited previously unknown vulnerabilities in the Outlook Exchange Server, Microsoft’s email service.
The hackers first tried to act discreetly, but then attacked from all sides when Microsoft announced on March 3 that patches would be applied to better protect Outlook. Cybercriminals then hacked e-mail servers around the world. No longer just targeting the United States, they also gained access to the mailboxes of the European Banking Authority.
While the software giant managed to tighten security for its popular e-mail service, much of the damage had been done. “The Chinese already control everything that interests them,” a cybersecurity expert told Wired. Indeed, the patches deployed by Microsoft only protect against future intrusions. Meanwhile, the Chinese hacker group – called Hafnium by Microsoft – can do what it wants with the more than 30,000 computers that have already been infected in the United States.
And what do they want? “A priori, this is a classic cyber intelligence operation targeting the United States,” Guillaume Tissier, partner at the economic intelligence and cybersecurity firm Avisa Partners, told FRANCE 24.
“They have access to all the messages sent within a very large number of organisations, and we know that this is where most of the sensitive data, such as attachments or even complete contact lists, can be found,” Gerome Billois, a cyber security expert for the IT security firm Wavestone, said in an interview with FRANCE 24.
These cybercriminals can go even further. “Nothing prevents them from using the information they retrieve to blackmail victims,” Billois said. This type of attack also has a significant destabilizing effect.
“The cyber teams of companies and all the computer security companies in the country are going to be at work to identify all the victims and clean up all traces of this operation,” Tissier said.
“The risk is that in the meantime, vigilance will decrease on other fronts,” added Billois. The White House is set to hold an emergency meeting of government agencies to consider how best to deal with this crisis situation, the Washington Post reported.
“This operation underlines the systemic risk of the cyber threat because it demonstrates the very strong dependence of companies and other structures on a small number of software programs,” Billois said. In other words, the flaws in a single widely used program, i.e. Outlook, threatens the proper functioning of tens of thousands of companies.
The Chinese follow the Russians
But it is also the second major computer attack against the United States since Biden’s victory. Prior to the Outlook hacking, there was the Solarwinds scandal, named after a software vendor that worked with a large number of different US administrations. The cracking of one of their programs allowed hackers, probably Russian, to spy on US government departments for several weeks.
“The last time that the United States suffered almost simultaneous large-scale attacks from both Russia and China dates back to the beginning of Barack Obama’s second term in office in 2012,” Billois said. The Chinese cyber threat was one of the central points on the agenda of an American-Chinese summit in 2015.
“What’s going on? Are other powers testing Joe Biden’s determination in the cyber realm?” Krebs wondered.
In Billois’ view, it may very well be that the Russians and Chinese will seek to retrieve as much information as possible about the new administration in order to get off on the right diplomatic foot with the US of the Biden era.
They may especially feel that need given that geopolitical tensions between Washington and the other two great powers are at their highest. Moscow suspects that Biden will be less accommodating than his predecessor Donald Trump, while the new president has signaled to Beijing that he will continue to make life difficult for them in terms of trade and technology. In that sense, cyber attacks are also “used as diplomatic and political weapons”, Tissier said. By conspicuously showing that they are able to carry out attacks against American interests, they signal that they are aware of America’s weak points and that they are not afraid of a cyber battle.
This article was translated from the original in French.