Saturday, July 15, 2023

Email Attack Shows Leap in China Skills --- Cyberspies adapt to U.S.'s growing cyber defenses, learn to avoid detection.


"The hack of email accounts of senior U.S. officials including the commerce secretary is the latest feat from a network of Chinese state-backed hackers whose leap in sophistication has alarmed U.S. cyber-security officials.

The espionage was aimed at a limited number of high-value U.S. government and corporate targets. Though the number of victims appeared to be small, the attack -- and others unearthed in the past few months linked to China -- demonstrated a new level of skill from Beijing's large hacker army, and prompted concerns that the extent of its infiltration into U.S. government and corporate networks is far greater than currently known.

Even just a few years ago, Chinese hackers were known among cybersecurity investigators for loud smash-and-grab heists of intellectual property, military technology and even a database of U.S. government employees' personal information. The sometimes crude tactics, while effective, were often geared toward collecting huge troves of data rather than spying persistently on valuable targets, and typically left traces that made the hackers easy to identify and guard against in the future.

China's hacker army used to be "noisy" and "rudimentary," George Barnes, deputy director of the National Security Agency, said Thursday at an intelligence conference. The new hack and others identified in the past few months have shown that Beijing's sophistication "continues to increase," he said.

The advances are driven by necessity. With competition between the U.S. and China at its fiercest in decades, Beijing is eager for intelligence on what Washington is thinking and doing, officials and security analysts said. But recent progress in cybersecurity is forcing Chinese hackers to be more discriminating about when and how they break in, while heightened geopolitical tensions mean they have to be quieter as they poke around.

The latest attack focused on the Microsoft email accounts of Commerce Secretary Gina Raimondo, State Department officials and others not publicly disclosed. It is already being rated by some security experts as among the most technically sophisticated ever discovered, though many details -- including how it began -- haven't been shared by Microsoft. The attack and other recently disclosed cyber-espionage operations suggest Chinese hackers can now burrow deep into high-level computer networks and evade detection for months or even years.

The U.S. hasn't formally linked the attack to China, though Microsoft cited a Chinese hacking group and officials and lawmakers have said Beijing is responsible. China has denied the allegations.

China long relied on techniques such as blasting malicious spam at hundreds of thousands of inboxes with little effort on the chance an unsuspecting target would reveal a password. In some instances, hackers would clumsily roam around a network until they tripped a security alert that enabled defenders to quickly kick them out, cybersecurity researchers said.

In 2015, the U.S. and China agreed to scale back cyberattacks, and operations against Western targets appeared to decline. Then, in 2020 they began to increase again with much greater sophistication.

Fueled by the threat of ransomware attacks mostly emanating from Eastern Europe, companies had gotten better at detecting attacks. So the Chinese switched focus and began hitting devices on the edge of corporate networks -- hacks that were less likely to trigger security warnings, said Charles Carmakal, chief technology officer with Google's Mandiant cybersecurity group.

With the latest attack, the Chinese went further in their stealth technique. They gained access to the guts of Microsoft's cryptographic protection system and used it to produce digital tokens -- long strings of numbers and letters that are stored in the browser and act as a digital passport for Microsoft's online services.

"They're hitting where the log data doesn't exactly light up like a siren to tell you what's wrong," said Matt Durrin, director of training and research at the security consulting firm LMG Security.

U.S. officials and Microsoft researchers disclosed on Tuesday that hackers linked to China breached email accounts at more than two dozen organizations globally, including some U.S. government agencies. American officials later said that Raimondo and senior officials at the State Department were among those in the government whose unclassified accounts were compromised.

Microsoft shared new details about the hack in a blog post Friday, but said some aspects of how the hack unfolded remained unclear. The hack was due to "a validation error in Microsoft code," the company said, but the blog post didn't say when the bug was introduced.

A Microsoft spokeswoman declined to answer further questions.

"It was a very advanced technique and capability, and I imagine it was very valuable to the actor that used it," said Carmakal. That was likely a reason why it appears to have been used on a small number of high-value targets, he said. "The more they used it, the greater the likelihood of getting caught."

Secretary of State Antony Blinken raised the hacking issue Thursday during a meeting in Jakarta, Indonesia, with China's top foreign-policy official, State Department spokesman Matt Miller said.

"We have consistently made clear that any action that targets the U.S. government, U.S. companies, American citizens is of deep concern to us," Miller said." [1]

1. U.S. News: Email Attack Shows Leap in China Skills --- Cyberspies adapt to U.S.'s growing cyber defenses, learn to avoid detection. Volz, Dustin; McMillan, Robert; Chin, Josh. Wall Street Journal, Eastern edition; New York, N.Y. [New York, N.Y]. 15 July 2023: A.6.
