First modification:
–
A flaw in Microsoft’s well-known electronic messaging platform Outlook allowed hackers, who would work for Beijing, to spy on the United States since the beginning of the year. Before them, it was the Russians who managed to eavesdrop on US agencies. Are large-scale operations in cyberspace multiplying to pressure new US President Joe Biden?
At least 30,000 victims in the United States. A computer attack attributed to Chinese cybercriminals who acted on behalf of Beijing affected a wide range of organizations, including schools, small businesses, local government agencies, law firms, associations and even police stations, according to several US media reports since Friday. March 5th.
“It is massive. We are talking about thousands of computers compromised every day, “said a former member of the United States Department of Homeland Security, interviewed by the web portal ‘Wired‘. “This is an absolutely gigantic hack,” added Chris Krebs, the former director of the US Cybersecurity Agency, on Twitter.
This is a crazy huge hack. The numbers I’ve heard dwarf what’s reported here & by my brother from another mother (@briankrebs). Why, though? Is this a flex in the early days of the Biden admin to test their resolve? Is it an out of control cybercrime gang? Contractors gone wild? pic.twitter.com/cA4lkS4stg
– Chris Krebs (@C_C_Krebs) March 6, 2021
–
Cyber espionage and maybe more
The operation would have started in early January 2021, according to Volexity, one of the first US companies specializing in cybersecurity to identify the threat. Cybercriminals exploited hitherto unknown flaws in the Exchange server in Outlook, Microsoft’s messaging service.
The hackers first tried to act quietly, then attacked left and right when Microsoft declared, on Tuesday, March 3, that updates would be made to better protect Outlook. Cybercriminals then attacked email servers in all parts of the world, ceasing to target only the United States. This is how they also had access to the email inboxes of the European Banking Authority.
Although the computer giant managed to tighten the security of its popular messaging service, the damage was largely done. “The Chinese already control everything that interests them,” sums up a cybersecurity expert, interviewed by ‘Wired’. Indeed, updates made by Microsoft serve to protect against future intrusions. On the other hand, the Chinese hacking group – called Hafnium by Microsoft – can do whatever it wants on the more than 30,000 computers that have already been intervened in the United States.
And what do they want? “A priori, it is a classic cyber espionage operation whose objective is the United States,” says Guillaume Tissier, member of the Avisa Partners economic intelligence and cybersecurity cabinet, contacted by France 24. “They have access to all the messages that have been exchanged within a very large number of organizations, and it is known that this is where most of the sensitive data is, such as attachments or even complete contact lists ”, says Gérôme Billois, cybersecurity expert at the computer security company Wavestone, contacted by France 24.
But those cybercriminals can go even further. “Nothing prevents them from using the information they are going to obtain to extort money from the victims,” adds Gérôme Billois. In addition, this type of attack has a significant destabilizing effect. “The cyber teams of the companies and all the computer security companies in the country will get down to work to identify all the victims and clean up all traces of this operation,” says Guillaume Tissier. “The risk is that in the meantime, vigilance will be lowered on other fronts,” adds Gérôme Billois. In fact, the White House will organize an emergency meeting with government agencies to think about the best way to face this crisis situation, says the ‘Washington Post’.
“This operation highlights the systemic risk of the cyber threat as it demonstrates the great dependence that companies and other structures have on small software,” says Gérôme Billois. In other words, the smooth running of tens of thousands of companies is threatened by the flaws in one very popular program: Outlook.
The Chinese after the Russians
This is the second major cyber attack against the United States since the victory of Democrat Joe Biden, after the US presidential election in November 2020. Before the Outlook Exchange case, the Solarwinds scandal occurred in January 2021, name of a supplier of programs that works with a large number of US administrations. Hacking one of its programs allowed hackers, probably Russians, to spy on US ministries for several weeks.
“The last time the United States suffered major attacks from both Russia and China almost simultaneously dates back to the beginning of Barack Obama’s second term in 2012,” recalls Gérôme Billois. The Chinese cyber threat was even one of the central items on the agenda of the meeting between the United States and China in 2015.
“What’s going on? Are the other powers testing Joe Biden’s resolve in the cyber arena? ”Asked Chris Krebs, the former director of the US Cybersecurity Agency.
For Gérôme Billois, the Wavestone expert, it is quite possible that the Russians and the Chinese are trying to obtain as much information as possible about the new Administration, in order to have a good diplomatic start with the United States of the Biden era. .
Especially since the geopolitical tensions between Washington and the other two great powers are at their peak. Moscow suspects that Joe Biden will be less conciliatory than his predecessor Donald Trump, while the new US president said he would continue to make life difficult for Beijing commercially and technologically. In this sense, cyberattacks are also “used as diplomatic and political weapons”, summarizes Guillaume Tissier. By openly demonstrating that they can carry out attacks against the United States, they indicate that they know its weaknesses and that they are not afraid of a cyber pulse.
This article was adapted from its original in French
– .
