{"id":22723,"date":"2023-08-17T02:30:10","date_gmt":"2023-08-17T10:30:10","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/08\/17\/news-16453\/"},"modified":"2023-08-17T02:30:10","modified_gmt":"2023-08-17T10:30:10","slug":"news-16453","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/08\/17\/news-16453\/","title":{"rendered":"China hacks the US military and government \u2014 the Feds blame Microsoft"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/09\/anonymous_hooded_figure_surrounded_by_abstract_network_of_avatars_security_threat_social_media_social_engineering_identity_theft_hacker_criminal_by_ismagilov_gettyimages-1194319566_2400x1600-100859323-small.jpg\"\/><\/p>\n<p>Hidden in the basic infrastructure that runs the US military is a powerful piece of Windows-borne Chinese malware that can disrupt the communications systems, power grids, and water supplies at the military\u2019s bases around the world. One US congressional aide calls it a \u201cticking time bomb\u201d that <a href=\"https:\/\/www.nytimes.com\/2023\/07\/29\/us\/politics\/china-malware-us-military-bases-taiwan.html\" rel=\"noopener nofollow\" target=\"_blank\">as <em>The New York Times<\/em> put it<\/a>, \u201ccould give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to US military bases.\u201d<\/p>\n<p>The ultimate impact could be even worse, the newspaper notes, because businesses and people use the same infrastructure.<\/p>\n<p>That\u2019s not the only successful Chinese hack of Microsoft products targeting vital US institutions. Another targets Outlook and the cloud and has been used to break into the email accounts of US Commerce Secretary Gina Raimondo and various State Department officials. 
<a href=\"https:\/\/msrc.microsoft.com\/blog\/2023\/07\/microsoft-mitigates-china-based-threat-actor-storm-0558-targeting-of-customer-email\/\" rel=\"noopener nofollow\" target=\"_blank\">According to Microsoft<\/a>, the hack, called Storm-0558, &#8220;focuses on espionage, data theft, and credential access.\u201d<\/p>\n<p>These kinds of government-targeted hacks of Microsoft products have happened before. But this time, the response from the US \u00a0government might be different. In the past, the company suffered no consequences from the attacks. Now, Congress might investigate \u2014 and one prominent senator has already urged multiple federal agencies to investigate Microsoft for breaking the law because of its negligence.<\/p>\n<p>The Chinese email hack didn\u2019t target the US military; it was aimed instead at federal institutions that could harm or help the Chinese economy. The most influential victim, Raimondo, heads the agency that\u00a0<a href=\"https:\/\/www.washingtonpost.com\/national-security\/2022\/12\/15\/china-military-tech-export-ban\/\" rel=\"noopener nofollow\" target=\"_blank\">banned the export of US technologies<\/a> that it claims helps the Chinese military and is used to violate human rights. Among the banned products are semiconductor chips used for artificial intelligence and supercomputers.<\/p>\n<p>Beijing leaders have complained loudly that the ban is a form of economic warfare. Behind the scenes, though, it\u2019s been doing more than complaining. It\u2019s hacked into the accounts not just of Raimondo, but also, the <em>Washington Post<\/em> reports, <a href=\"https:\/\/www.washingtonpost.com\/national-security\/2022\/12\/15\/china-military-tech-export-ban\/\" rel=\"noopener nofollow\" target=\"_blank\">\u201cthe email accounts of a congressional staffer, a U.S. human rights advocate and U.S. think tanks<\/a>.\u201d<\/p>\n<p>The FBI claims that no classified information was accessed or stolen. 
That doesn\u2019t mean the breach isn\u2019t serious, though. Being able to read the private emails of Raimondo, State Department officials and others could offer China a tremendous amount of inside information about US plans for dealing with China in the future.<\/p>\n<p>Former officials said the hack \u201cwould have allowed Beijing to see into diplomats&#8217; planning for a succession of high stakes visits to China in June and July by U.S. cabinet members, including Secretary of State Antony Blinken, Raimondo and US Treasury Secretary Janet Yellen,&#8221; according to\u00a0<a href=\"https:\/\/www.newsweek.com\/microsoft-china-state-department-email-hack-antivirus-senators-cybersecurity-1814665\" rel=\"noopener nofollow\" target=\"_blank\">Newsweek<\/a>.<\/p>\n<p>The hack forged authentication tokens used by Outlook Web Access in Exchange Online (OWA) and Outlook.com, allowing Chinese hackers to get access to officials\u2019 email accounts and calendar items. US organizations and officials weren\u2019t the only victims \u2014 officials in Western Europe were hit, too.<\/p>\n<p>The hack was first discovered June 16, around the time Blinken traveled to China. But Charlie Bell, executive vice president for Microsoft Security,\u00a0<a href=\"https:\/\/blogs.microsoft.com\/on-the-issues\/2023\/07\/11\/mitigation-china-based-threat-actor\/\" rel=\"noopener nofollow\" target=\"_blank\">said in a blog post the hack was launched on May 15<\/a> and has now been \u201cmitigated\u201d \u2013 the hole closed.<\/p>\n<p>The other hack, malware that targeted military infrastructure, <a href=\"https:\/\/www.nytimes.com\/2023\/05\/24\/us\/politics\/china-guam-malware-cyber-microsoft.html\" rel=\"noopener nofollow\" target=\"_blank\">was discovered in May<\/a> when Microsoft found odd-looking code in telecommunications systems in Guam. 
The discovery worried US officials, because Guam has a port and massive air base that would likely be used in any US response to an invasion or blockade of Taiwan.<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/24\/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques\/\" rel=\"noopener nofollow\" target=\"_blank\">Microsoft blamed a Chinese government-sponsored hacking group, Volt Typhoon, for that attack<\/a>. The hackers took particular care to cover their tracks and make the infection harder to discover. They melded the stream of their malicious traffic with \u201cnormal network activity by routing traffic through compromised small office and home office (SOHO) network equipment, including routers, firewalls, and VPN hardware. They have also been observed using custom versions of open-source tools to establish a command and control (C2) channel over proxy to further stay under the radar.\u201d<\/p>\n<p>The company concluded: \u201cMicrosoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.\u201d<\/p>\n<p>Federal security officials say the hacking campaign had been under way for at least a year. And they discovered that the hack aimed at targets well beyond Guam, including critical infrastructure and communications systems at military bases worldwide.<\/p>\n<p>Because the attacks have been so well hidden, US officials aren&#8217;t even sure of the extent of the problem. It\u2019s serious enough that there has been a series of meetings held in the White House\u2019s situation room, and the Biden Administration has briefed Congress, state governors and utility companies about it.<\/p>\n<p>Congress has begun investigations, focused for now on the email hack. 
It\u2019s looking beyond just Chinese culpability into whether Microsoft bears responsibility for poor security practices in its multi-billion-dollar contract with the government. That contract is now potentially at risk.<\/p>\n<p><a href=\"https:\/\/www.hagerty.senate.gov\/press-releases\/2023\/07\/26\/hagerty-schmitt-colleagues-demand-answers-regarding-chinas-hack-of-state-department-email-server\/\" rel=\"noopener nofollow\" target=\"_blank\">More than half a dozen senators from both parties wrote to the State Department<\/a>, requesting more information about the hack, and about how Outlook can be better protected in the future. As these things go, it was pretty mild-mannered.<\/p>\n<p>But to a certain extent, that was just a front. Sen. Eric Schmitt (R-MO) was the driving force behind the letter, and he has Microsoft in his cross-hairs. Only a few weeks before the letter was sent, Schmitt <a href=\"https:\/\/www.newsweek.com\/senators-want-answers-microsoft-military-software-monopoly-it-antivirus-cybersecurity-1811799\" rel=\"noopener nofollow\" target=\"_blank\">inserted a provision into the annual defense bill<\/a> that orders Department of Defense CIO John Sherman to report to Congress on the &#8220;risks and benefits&#8221; of buying cybersecurity tools from Microsoft. Schmitt and others worry that relying on a single vendor for so much software and security tools leaves the US more vulnerable to hackers and spies.<\/p>\n<p>Sen. Ron Wyden (D-OR) went even further. 
<a href=\"https:\/\/www.wyden.senate.gov\/imo\/media\/doc\/wyden_letter_to_cisa_doj_ftc_re_2023_microsoft_breach.pdf\" rel=\"noopener nofollow\" target=\"_blank\">He wrote a scathing letter of his own<\/a> to the US Cybersecurity and Infrastructure Security Agency (CISA), Justice Department and Federal Trade Commission demanding the agencies \u201chold Microsoft responsible for its negligent cybersecurity practices.\u201d<\/p>\n<p>Wyden pointed to other federal security breaches, including the <a href=\"https:\/\/www.wired.com\/story\/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever\/\" rel=\"noopener nofollow\" target=\"_blank\">SolarWinds hacking campaign<\/a>,\u00a0that he argued had occurred because of Microsoft\u2019s lax security practices. He asked US Attorney General Merrick Garland to investigate \u201cwhether Microsoft\u2019s negligent practices violated federal law\u201d and called on FTC head Lina Khan to determine whether Microsoft\u2019s privacy and data security practices \u201cviolated federal laws enforced by the Federal Trade Commission, including those prohibiting unfair and deceptive business practices.\u201d<\/p>\n<p>Is Microsoft culpable for negligence in all this? At this point, there\u2019s no way to know. But one thing we do know: because of the hacks, it\u2019s open season on Microsoft in Congress. 
The company better double down on its security practices, or billions of dollars could go up in smoke.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3704497\/china-hacks-the-us-military-and-government-the-feds-blame-microsoft.html#tk.rss_security\" target=\"bwo\">http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2020\/09\/anonymous_hooded_figure_surrounded_by_abstract_network_of_avatars_security_threat_social_media_social_engineering_identity_theft_hacker_criminal_by_ismagilov_gettyimages-1194319566_2400x1600-100859323-small.jpg\"\/><\/p>\n<article>\n<section class=\"page\">\n<p>Hidden in the basic infrastructure that runs the US military is a powerful piece of Windows-borne Chinese malware that can disrupt the communications systems, power grids, and water supplies at the military\u2019s bases around the world. One US congressional aide calls it a \u201cticking time bomb\u201d that <a href=\"https:\/\/www.nytimes.com\/2023\/07\/29\/us\/politics\/china-malware-us-military-bases-taiwan.html\" rel=\"noopener nofollow\" target=\"_blank\">as <em>The New York Times<\/em> put it<\/a>, \u201ccould give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to US military bases.\u201d<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3704497\/china-hacks-the-us-military-and-government-the-feds-blame-microsoft.html#jump\">To read this article in full, please click 
here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11067,10516,714],"class_list":["post-22723","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-government-it","tag-microsoft","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22723","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=22723"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22723\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=22723"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=22723"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=22723"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}