MESSAGE
DATE: 2023-07-15
FROM: Ruben Safir
SUBJECT: [Hangout - NYLXS] Chinese hacking and break-ins of US officials and
wsj.com: Microsoft Email Hack Shows Greater Sophistication, Skill of China’s Cyberspies, by Dustin Volz, Robert McMillan and Josh Chin
The hack of email accounts of senior U.S. officials including the commerce secretary is the latest feat from a network of Chinese state-backed hackers whose leap in sophistication has alarmed U.S. cybersecurity officials.
The espionage was aimed at a limited number of high-value U.S. government and corporate targets. Though the number of victims appeared to be small, the attack—and others unearthed in the past few months linked to China—demonstrated a new level of skill from Beijing’s large hacker army, and prompted concerns that the extent of its infiltration into U.S. government and corporate networks is far greater than currently known.
Even just a few years ago, Chinese hackers were known among cybersecurity investigators for loud smash-and-grab heists of intellectual property, military technology and even a database of U.S. government employees’ personal information. The sometimes crude tactics, while effective, were often geared toward collecting huge troves of data rather than spying persistently on valuable targets, and typically left traces that made the hackers easy to identify and guard against in the future.
China’s hacker army used to be “noisy” and “rudimentary,” George Barnes, the deputy director of the National Security Agency, said Thursday at an intelligence conference. The new hack and others identified in the past few months have shown that Beijing’s sophistication “continues to increase,” he said.
The advances are driven by necessity. With competition between the U.S. and China at its fiercest in decades, Beijing is eager for intelligence on what Washington is thinking and doing, officials and security analysts said. But recent progress in cybersecurity is forcing Chinese hackers to be more discriminating about when and how they break in, while heightened geopolitical tensions mean they have to be quieter as they poke around.
The latest attack focused on the Microsoft email accounts of Commerce Secretary Gina Raimondo, State Department officials and others not publicly disclosed. It is already being rated by some security experts as among the most technically sophisticated and stealthy ever discovered, though many details—including how it began—haven’t been shared by Microsoft. It and other recently disclosed cyber-espionage operations suggest Chinese hackers can now burrow deep into high-level computer networks and evade detection for months or even years.
The U.S. hasn’t formally linked the attack to China, though Microsoft attributed it to a Chinese hacking group and officials and lawmakers have said Beijing is responsible. China has denied the allegations.
China long relied on techniques such as blasting malicious spam at hundreds of thousands of inboxes with little effort on the chance even a single unsuspecting target would reveal a password. In some instances, hackers would clumsily roam around a network until they tripped a security alert that enabled defenders to quickly kick them out, cybersecurity researchers said.
In 2015 the U.S. and China agreed to scale back cyberattacks, and operations against Western targets appeared to decline. Then, in 2020 they began to increase again, only with much greater sophistication.
Fueled by the threat of ransomware attacks mostly emanating from Eastern Europe, companies had gotten better at detecting attacks. So the Chinese switched focus and began hitting devices on the edge of corporate networks—hacks that were less likely to trigger security warnings, said Charles Carmakal, the chief technology officer with Google’s Mandiant cybersecurity group.
With the latest attack, the Chinese went a step further in their stealth technique. They gained access to the guts of Microsoft’s cryptographic protection system and used it to produce digital tokens—long strings of numbers and letters that are stored in the browser and act as a digital passport for Microsoft’s online services.
“They’re hitting where the log data doesn’t exactly light up like a siren to tell you what’s wrong,” said Matt Durrin, director of training and research at the security consulting firm LMG Security.
U.S. officials and Microsoft researchers disclosed on Tuesday that hackers linked to China breached email accounts at more than two dozen organizations globally, including some U.S. government agencies. American officials later said that Raimondo and senior officials at the State Department were among those in the government whose unclassified accounts were compromised.
Microsoft shared new details about the hack in a technical blog post Friday, but said that some aspects of how the hack unfolded remained unclear to its security team.
The hack was because of “a validation error in Microsoft code,” the company said, but the blog post didn’t say when the bug was introduced. It also didn’t explain how the hackers were able to obtain the cryptographic tool they used to create their digital tokens. “The method by which the actor acquired the key is a matter of ongoing investigation,” the post said.
A Microsoft spokeswoman declined to answer further questions about the hack.
“It was a very advanced technique and capability and I imagine it was very valuable to the actor that used it,” said Carmakal. That was likely a reason why it appears to have been used on a small number of high-value targets, he said. “The more they used it, the greater the likelihood of getting caught.”
Cybersecurity specialists at the State Department detected the espionage campaign in June, around the time when Secretary of State Antony Blinken was planning a visit to Beijing to try to shore up deteriorating relations between the two powers.
Blinken raised the hacking issue Thursday during a meeting in Jakarta with China’s top foreign-policy official, State Department spokesman Matt Miller said.
Blinken declined to answer directly a question during a news conference Friday about whether his email account was compromised.
“I can’t discuss details of our response,” he said. “Most critically, this incident remains under investigation.”
William Mauldin and Warren P. Strobel contributed to this article.
Write to Dustin Volz at dustin.volz-at-wsj.com, Robert McMillan at robert.mcmillan-at-wsj.com and Josh Chin at Josh.Chin-at-wsj.com
Copyright ©2023 Dow Jones & Company, Inc. All Rights Reserved.
Appeared in the July 15, 2023, print edition as 'Email Attack Shows Leap in China Skills'.
--
So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
_______________________________________________
Hangout mailing list
Hangout-at-nylxs.com
http://lists.mrbrklyn.com/mailman/listinfo/hangout