The Biden administration and several allies are set to claim Monday morning that China’s civilian intelligence service is responsible for a widespread hacking campaign that has hit tens of thousands of companies around the world this year.
According to a senior Biden administration official, hackers affiliated with the Chinese Ministry of State Security (MSS) carried out a large-scale operation that exploited security vulnerabilities in Microsoft Exchange Server software or Microsoft mail software. The attack was so widespread that, at the time, the White House National Security Council was whipping up a response group to address the attack.
According to official information, the US and its allies plan to determine how MSS will hire criminal hackers on a contract basis to conduct hacking operations in Beijing.
“MSS is reportedly using criminal contract hackers to conduct unauthorized global operations,” a senior administration official said during a call on Sunday.
The National Security Agency, the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) have been warning organizations for months about break-ins to Microsoft Exchange Server, but this is the first time the U.S. government has officially blamed the campaign on the Chinese government. Microsoft security researchers have previously linked the operation to activists operating in China, but did not explain the link to MSS in detail.
According to the official, the European Union, NATO, Japan and members of the “Five Eyes” intelligence alliance – Britain, Australia, Canada and New Zealand – will also criticize MSS. This is the first time that NATO has publicly attributed this type of activity to China.
The U.S. and its allies also plan to exclude contract hackers working for MSS from hacking campaigns for personal gain. The official said some of the intelligence agent’s hackers were carrying out software operations. In one case, hackers targeted an American company and demanded millions of dollars in ransom.
The U.S. Department of Justice announced on Monday that a senior federal arbitrator had indicted four Chinese nationals in May, and residents coordinated a hacking campaign on behalf of MSS that targeted U.S. and foreign victims from 2011 to 2018. MSS was ahead.
The U.S. intelligence community has long observed hackers with links to the Russian or Iranian government working for personal gain. But it looks like MSS has put its twist on a simple book of hackers who have dual roles, an administration official said.
“On the Russian side … we sometimes see individuals with moonlight. And we see that … there are some connections between the Russian intelligence service and individuals,” the official said. “But … the use of MSS is different from criminal contract hackers for conducting unauthorized Internet transactions around the world.”
Contract hackers have long been the bread and butter of MSS, according to a mysterious and anonymous group called Intrusion Truth, which conducts research on a blog dedicated to revealing hackers it says work for MSS through frontline and contract companies. Other researchers, including those at the cybersecurity company FireEye, have previously said that it seems some of the hackers affiliated with the Chinese government are conducting financially motivated hacking operations for personal gain.
The Chinese embassy in the United States did not immediately return a request for comment.
The administration’s decision to emphasize China’s role in the recent hacking scandal comes as the U.S. government a wave of cyber attacks that cybercriminals and hackers linked to the Russian government have also started against American companies in recent months. The bomber struck shortly after noon in front of a Biden administration building Russian hacking campaigns and instruct Russian President Vladimir Putin to punish hackers who attack from within his country.
And while Putin’s response to Biden’s requests for software hacking has been insignificant with some measures – the Kremlin says they have not asked U.S. authorities to prosecute the hackers, the Biden administration’s statement is controversial – the U.S. government has taken immediate action to keep Russia’s feet to the fire in recent months. The administration has expelled 10 Russian diplomats and imposed sanctions on a number of individuals and companies in the wake of the hacking operation that the U.S. government says the Russian Foreign Intelligence Service (SVR) launched against U.S. companies and several federal agencies.
But while the administration’s response to Russia’s hacking is quick and somewhat comprehensive, the administration’s response to China’s hacking seems to be lacking.
Allison Nixon, who has worked with companies vulnerable to Chinese hacking operations, says the attitude of Chinese hackers towards hacking Microsoft Exchange Server was something other than strategic and instead was chaotic and rude.
“It seemed like they didn’t care if the victim’s cars belonged to a strategic target or a rival nation,” Nixon, editor-in-chief of the cybersecurity consulting firm Unit 221B, told the Daily Beast.
According to Nixon, Chinese hackers did not leave any vulnerable system untouched and exposed companies to software attacks.
“They’re hitting the entire vulnerable population,” Nixon said. “As this increasingly damages civilian systems and exhausts people with this constant attack, we have to draw a line somewhere.”
Dmitri Alperovitch, former CTO of the cyber security company CrowdStrike – the company that attributed the 2016 Democratic National Committee hack to Russian government hackers – told the Daily Beast the U.S. government should put more pressure on the Chinese government.
“Given that sanctions have already been applied to virtually every other cybercriminal state, non-application against China is a tough control,” said Alperovitch, now chief executive of Silverado Policy Accelerator. “The administration deserves credit for an influential international anti-hacking coalition against the Microsoft Exchange hackers, and I hope the next logical step is to address the criminal charges and impose sanctions for the first time. [the People’s Republic of China] activists for such violations.”
A senior Biden administration official said the Biden administration would not put more pressure on Beijing, noting that U.S. officials had been in contact with senior Chinese government officials to expose them to the consequences of their shameless hacking.
“We do not rule out further action to bring the PRC to justice,” the official said. “We also know that no one can change the behavior of the PRC … We have expressed our concerns about both the Microsoft incident and the cybercrime activities of the PRC with senior officials of the PRC government and made it clear that the PRC’s actions are insecure and threaten trust and stability in cyberspace.”
According to official sources, other countries are expected to attribute this activity to Beijing in the coming days.
Beijing may respond to the naming and embarrassment of the U.S., the EU and its allies, but it will be important to prosecute specific hackers to reduce such advanced attacks, says Phil Reiner, executive director of the Institute for Security and Technology.
“The Biden administration will continue to work with international partners to enforce global rules and standards – it is refreshing and welcome. Making it clear to other national leaders that this illegal and dangerous cybercrime is not allowed is a powerful tool, but one has to wonder whether additional actions such as accusations or sanctions are still going on,” Reiner, who previously spoke at the Office, said. said the deputy secretary of defense for policy at the Pentagon, told the Daily Beast. “International pressure can be seen as a powerful tool in the case of China, but we must also hold those responsible for these attacks accountable.”
https://www.thedailybeast.com/china-was-responsible-for-microsoft-exchange-server-hack-says-us?source=articles&via=rss | China was responsible for the Microsoft Exchange Server Hack, the U.S. says