How China’s attack on Microsoft escalated into a “reckless” hacking spree

Link: https://www.technologyreview.com/2021/03/10/1020596/how-chinas-attack-on-microsoft-escalated-into-a-reckless-hacking-spree

Excerpt:

At first the Chinese hackers ran a careful campaign. For two months, they exploited weaknesses in Microsoft Exchange email servers, picked their targets carefully, and stealthily stole entire mailboxes. When investigators eventually caught on, it looked like typical online espionage—but then things accelerated dramatically.

Around February 26, the narrow operation turned into something much bigger and much more chaotic. Just days later, Microsoft publicly disclosed the hacks—the hackers are now known as Hafnium—and issued a security fix. But by then attackers were looking for targets across the entire internet: in addition to tens of thousands of reported victims in the US, governments around the world are announcing that they were compromised too. Now at least 10 hacking groups, most of them government-backed cyber-espionage teams, are exploiting the vulnerabilities on thousands of servers in over 115 countries, according to the security firm ESET.

Author(s): Patrick Howell O’Neill

Publication Date: 10 March 2021

Publication Site: MIT Technology Review

Recovering from the SolarWinds hack could take 18 months

Link: https://www.technologyreview.com/2021/03/02/1020166/solarwinds-brandon-wales-hack-recovery-18-months/

Excerpt:

Brandon Wales, the acting director of CISA, the US Cybersecurity and Infrastructure Agency, says that it will be well into 2022 before officials have fully secured the government networks compromised by Russian hackers. The list includes at least nine federal agencies, including the Department of Homeland Security and the State Department. Even fully understanding the extent of the damage will take months.

“I wouldn’t call this simple,” Wales says. “There are two phases for response to this incident. There is the short-term remediation effort, where we look to remove the adversary from the network, shutting down accounts they control, and shutting down entry points the adversary used to access networks. But given the amount of time they were inside these networks—months—strategic recovery will take time.”

Author(s): Patrick Howell O’Neill

Publication Date: 2 March 2021

Publication Site: MIT Technology Review