Tag Archives: cyberattack China

Who Trusts Microsoft? The Locked-In

Leave a reply

In 2024, the Department of Homeland Security released a scathing report detailing Microsoft’s mistakes during a 2023 hack in which China stole thousands of emails from top government officials. Two years before that, China-linked cyberattackers compromised more than 250,000 Microsoft Exchange servers. In response to the 2024 report, Nadella, the CEO of Microsoft, promised to rededicate Microsoft to protecting its products and its customers from bad actors…

Shortly after Nadella took the reins, Microsoft eliminated the group that had companywide responsibility for Microsoft’s security work, pushing security decisions to the individual business units. Around the same time, Microsoft changed the way it developed software, laying off many of the test engineers charged with uncovering bugs before products ship to customers…

With regard to the July 2025 Microsoft hack, researchers said more than 400 SharePoint servers had been hacked—many of them belonging to government entities—and Microsoft had linked some of the attacks to the Chinese government

In previous episodes, such as the massive 2021 hack of the Microsoft Exchange email system, China pulled off impressive technical feats before being caught…

Regarding the 2025 SharePoint cyberattack, Eye Security researchers discovered, on July 18, 2025 an unauthorized script on a SharePoint server belonging to one of their customers. As the Eye team dug in, they started finding the same script on about 150 other SharePoint servers all over the internet…The script opened a back door to the SharePoint servers, creating an encryption key that could be used later to run commands on the machine. “It was just like a door key left on the street,” said Kerkhofs. “It was accessible for everybody. We just started scanning and we grabbed all the keys.”…Microsoft, learning that hackers were exploiting the bugs, called in its security team.

Eventually the Eye team discovered 80 infected organizations. European government agencies were compromised, as were U.S. federal agencies, municipalities and universities…

On July 20, 2025, the Energy Department confirmed that it was a victim… News of the compromise was reported by Bloomberg, which said that the National Nuclear Security Administration was specifically victimized.

Excerpt from Robert McMillan, A Failed Microsoft Security Patch Is the Latest Win for Chinese Hackers, WSJ, July 25, 2025

What is the Real Trump Card of China

Leave a reply

Chinese officials acknowledged in a secret December 2024 meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate. The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwan, the people, who declined to be named, said.  …The Chinese official’s remarks at the December meeting were indirect and somewhat ambiguous, but most of the American delegation in the room interpreted it as a tacit admission and a warning to the U.S. about Taiwan, a former U.S. official familiar with the meeting said.

Excerpts from Dustin Volz, In Secret Meeting, China Acknowledged Role in U.S. Infrastructure Hacks, WSJ, Apr. 10, 2025

The Under-the-Hood Cyberattacks

Leave a reply

The Biden administration sanctioned a Chinese company in January 2025  it said was behind the vast cyber intrusions into U.S. telecommunications networks that swept up phone calls of scores of U.S. government officials as well as those of incoming President Donald Trump.

The U.S. Treasury Department said that Sichuan Juxinhe Network Technology Co. was directly involved in the deep compromises of the telecommunications firms, which U.S. officials and lawmakers have said is a historically damaging espionage campaign carried out on behalf of the Chinese government. The firm is based in the Sichuan province of China and advertises itself as a technology-services and cybersecurity company.

Separately, U.S. authorities sanctioned a Shanghai-based hacker, Yin Kecheng, whom they allege was involved in an unrelated breach of sensitive systems within the Treasury Department itself. Neither Sichuan Juxinhe nor Yin Kecheng could immediately be reached for comment.

The sanctions… are the most direct public response to the telecom hacks, which were first revealed by The Wall Street Journal in 2024 and have been attributed to a hacking group dubbed Salt Typhoon. The sanctions will block U.S. transactions with Sichuan Juxinhe and allow for the seizure of any property or interests the firm has within the U.S. It couldn’t be immediately established whether the firm, for which little information was available online, had any U.S.-held assets or property.

Hackers compromised at least nine American telecommunications firms, scooping up enormous amounts of call-log data and the unencrypted texts and call audio from several dozen specific high-value targets. They also accessed wiretap-surveillance systems at victim companies Verizon Communications and AT&T in an apparent effort to learn how much the FBI and others understood about Beijing’s spies operating in the U.S. and internationally, according to investigators.

In the Treasury Department hack, China is believed to have accessed unclassified files located on compromised work computers of a range of senior officials, including Secretary Janet Yellen… The intrusion occurred through a hacked third-party software vendor called BeyondTrust, which was able to remotely access virtually any Treasury work computer, the people said. The department’s sanctions office itself—the same one that imposed penalties—was breached in the hack, as were other offices that possess sensitive nonpublic information. 

Excerpt from The U.S. Sanctions Beijing Firm Behind Major ‘Salt Typhoon’ Telecom Hacks, WSJ, Jan. 17, 2025

When Phones Become Useless: the Attack on US Telecommunications Infrastructure

Leave a reply

The Consumer Financial Protection Bureau  has issued a directive to employees to reduce the use of their phones for work matters because of China’s recent hack of U.S. telecommunications infrastructure. In an email to staff sent November 7, 2024, the chief information officer at the Consumer Financial Protection Bureau warned that internal and external work-related meetings and conversations that involve nonpublic data should only be held on platforms such as Microsoft Teams and Cisco WebEx and not on work-issued or personal phones.

“Do NOT conduct CFPB work using mobile voice calls or text messages,” the email said, while referencing a recent government statement acknowledging the telecommunications infrastructure attack. “While there is no evidence that CFPB has been targeted by this unauthorized access, I ask for your compliance with these directives so we reduce the risk that we will be compromised,” said the email, which was sent to all CFPB employees and contractors.

The alert is the latest demonstration of concerns within the federal government about the scale and scope of the hack, which investigators are still endeavoring to fully understand and have attributed to a group dubbed Salt Typhoon.  The hackers are said to have compromised data about calls and in some cases recorded phone audio from certain high-value targets, including individuals affiliated with both the Trump and Harris presidential campaigns… A directive to avoid cellphone use in response to a specific threat is rare for a government agency and reflects the level of concern among investigators about the severity of the breaches of telecommunications companies, including Verizon and AT&T…U.S. investigators believe hackers tied to a Chinese intelligence agency are responsible for the breaches and that they have targeted an array of senior national security and policy officials across the U.S. government in addition to politicians.

Excerpts from Anna Maria Andriotis and Dustin Vole, US Agency Warns About Chinese Phone Hacks, WSJ, Nov. 8, 2024

How to Create Panic? China’s Typhoons

Leave a reply

Hackers linked to the Chinese government have broken into a handful of U.S. internet-service providers in 2024 in pursuit of sensitive information…The hacking campaign, called Salt Typhoon by investigators, hasn’t previously been publicly disclosed and is the latest in a series of incursions that U.S. investigators have linked to China in recent years. The intrusion is a sign of the stealthy success Beijing’s massive digital army of cyberspies has had breaking into valuable computer networks in the U.S. and around the globe.

In Salt Typhoon, the actors linked to China burrowed into America’s broadband networks. In this type of intrusion, bad actors aim to establish a foothold within the infrastructure of cable and broadband providers that would allow them to access data stored by telecommunications companies or launch a damaging cyberattack…Investigators are exploring whether the intruders gained access to Cisco Systems routers, core network components that route much of the traffic on the internet, according to people familiar with the matter. Microsoft is investigating the intrusion and what sensitive information may have been accessed, people familiar with the matter said.

China has made a practice of gaining access to internet-service providers around the world. But if hackers gained access to service providers’ core routers, it would leave them in a powerful position to steal information, redirect internet traffic, install malicious software or pivot to new attacks.

In September 2024, U.S. officials said they had disrupted a network of more than 200,000 routers, cameras and other internet-connected consumer devices that served as an entry point into U.S. networks for a China-based hacking group called Flax Typhoon. And in January 2024, federal officials disrupted Volt Typhoon, yet another China-linked campaign that has sought to quietly infiltrate a swath of U.S. critical infrastructure. “The cyber threat posed by the Chinese government is massive,” said Christopher Wray, the Federal Bureau of Investigation’s director, speaking earlier this year at a security conference in Germany. “China’s hacking program is larger than that of every other major nation, combined.”

U.S. security officials allege that Beijing has tried and at times succeeded in burrowing deep into U.S. critical infrastructure networks ranging from water-treatment systems to airports and oil and gas pipelines. Top Biden administration officials have issued public warnings over the past year that China’s actions could threaten American lives and are intended to cause societal panic. The hackers could also disrupt the U.S.’s ability to mobilize support for Taiwan in the event that Chinese leader Xi Jinping orders his military to invade the island….

Excerpts from Sarah Krouse et al., China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack, WSJ, Sept. 26, 2024

Delete America: China’s Document 79

Leave a reply

A 2022 Chinese government directive aims to get US technology out of China—an effort some refer to as “Delete A,” for Delete America.  Document 79 was so sensitive that high-ranking officials and executives were only shown the order and weren’t allowed to make copies… It requires state-owned companies in finance, energy and other sectors to replace foreign software in their IT systems by 2027. 

American tech giants had long thrived in China as they hot-wired the country’s meteoric industrial rise with computers, operating systems and software. Chinese leaders want to sever that relationship, driven by a push for self-sufficiency and concerns over the country’s long-term security…Document 79, named for the numbering on the paper, targets companies that provide software—enabling daily business operations from basic office tools to supply-chain management. The likes of  Microsoft  and Oracle are losing ground in China

Excerpts from Liza Lin, China Intensifies Push to ‘Delete America’ From Its Technology, Mar. 7, 2024

The Under-Our-Noses Nasty Wars

Leave a reply

Christopher Wray warned in February 2023 that Beijing’s efforts to covertly plant offensive malware inside U.S. critical infrastructure networks is now at “a scale greater than we’d seen before,” an issue he has deemed a defining national security threat. Citing Volt Typhoon, the name given to the Chinese hacking network that was revealed in 2023 to be lying dormant inside U.S. critical infrastructure, Wray said Beijing-backed actors were pre-positioning malware that could be triggered at any moment to disrupt U.S. critical infrastructure. Officials have grown particularly alarmed at Beijing’s interest in infiltrating U.S. critical infrastructure networks, planting malware inside U.S. computer systems responsible for everything from safe drinking water to aviation traffic so it could detonate, at a moment’s notice, damaging cyberattacks during a conflict.

The Netherlands’ spy agencies said in February 2024 that Chinese hackers had used malware to gain access to a Dutch military network in 2023. The agency, considered to have one of Europe’s top cyber capabilities, said it made the rare disclosure to show the scale of the threat and reduce the stigma of being targeted so allied governments can better pool knowledge.

A report released in February 2024 by agencies including the FBI, the Cybersecurity and Infrastructure Agency and the National Security Agency said Volt Typhoon hackers had maintained access in some U.S. networks for five or more years, and while it targeted only U.S. infrastructure directly, the infiltration was likely to have affected “Five Eyes” allies…

Excerpts from  Joe Parkinson, BI Director Says China Cyberattacks on U.S. Infrastructure Now at Unprecedented Scale, WSJ, Feb. 19, 2024

Algorithms as Weapons –Tracking,Targeting Nuclear Weapons

Leave a reply

 
New and unproved technologies—this time computer systems capable of performing superhuman tasks using machine learning and other forms of artificial intelligence (AI)—threaten to destabilise the global “strategic balance”, by seeming to offer ways to launch a knockout blow against a nuclear-armed adversary, without triggering an all-out war.

A report issued in November by America’s National Security Commission on Artificial Intelligence, a body created by Congress and chaired by Eric Schmidt, a former boss of Google, and Robert Work, who was deputy defence secretary from 2014-17, ponders how AI systems may reshape global balances of power, as dramatically as electricity changed warfare and society in the 19th century. Notably, it focuses on the ability of AI to “find the needle in the haystack”, by spotting patterns and anomalies in vast pools of data…In a military context, it may one day find the stealthiest nuclear-armed submarines, wherever they lurk. The commission is blunt. Nuclear deterrence could be undermined if AI-equipped systems succeed in tracking and targeting previously invulnerable military assets. That in turn could increase incentives for states, in a crisis, to launch a devastating pre-emptive strike. China’s rise as an AI power represents the most complex strategic challenge that America faces, the commission adds, because the two rivals’ tech sectors are so entangled by commercial, academic and investment ties.

Some Chinese officials sound gung-ho about AI as a path to prosperity and development, with few qualms about privacy or lost jobs. Still, other Chinese fret about AI that might put winning a war ahead of global stability, like some game-playing doomsday machine. Chinese officials have studied initiatives such as the “Digital Geneva Convention” drafted by Microsoft, a technology giant. This would require states to forswear cyber-attacks on such critical infrastructure as power grids, hospitals and international financial systems.  AI would make it easier to locate and exploit vulnerabilities in these…

One obstacle is physical. Warheads or missile defences can be counted by weapons inspectors. In contrast, rival powers cannot safely show off their most potent algorithms, or even describe AI capabilities in a verifiable way….Westerners worry especially about so-called “black box” algorithms, powerful systems that generate seemingly accurate results but whose reasoning is a mystery even to their designers.

Excerpts from Chaguan: The Digital Divide, Economist, Jan 18, 2019

Cyberwar: USA Official Doctrine

Leave a reply

 

In his first major speech [March 28, 2014] on cyber policy, Defense Secretary Chuck Hagel sough to project strength but also to tame perceptions of the United States as an aggressor in computer warfare, stressing that the government “does not seek to militarize cyberspace.”…

Hagel said that the fighting force at U.S. Cyber Command will number more than 6,000 people by 2016, making it one of the largest such ­forces in the world. The force will help expand the president’s options for responding to a crisis with “full-spectrum cyber capabilities,” Hagel said, a reference to cyber operations that can include destroying, damaging or sabotaging an adversary’s computer systems and that can complement other military operations.

But, Hagel said, the military’s first purpose is “to prevent and de-escalate conflict.” The Pentagon will maintain “an approach of restraint to any cyber operations outside of U.S. government networks.”  Although some U.S. adversaries, notably China and Russia, which also have formidable cyber capabilities, may view his remarks with skepticism, Hagel said the Pentagon is making an effort to be “open and transparent” about its cyber­forces and doctrine. The hope, senior officials said, is that transparency will lead to greater stability in cyberspace.  To underscore the point, Hagel’s speech was broadcast live from NSA headquarters at Fort Meade, the first such broadcast from the agency…

Tensions over U.S. cyber operations intensified again last weekend after a report that the NSA had penetrated the networks of a Chinese telecommunications giant, Huawei Technologies, in search of evidence that it was involved in espionage operations for Beijing and to use its equipment to spy on adversaries such as Iran. After the disclosure, first reported by the New York Times and Der Spiegel, China demanded a halt to any such activity and called for an explanation…

Analysts said that China and Russia were unlikely to be convinced by Hagel’s remarks. Revelations about the NSA’s activities, based on documents provided by former contractor Edward Snowden, make U.S. assertions that it is focused on protecting U.S. national security — and not actively infiltrating others’ networks — that much harder to accept, they said.

Excerpts from: Ellen Nakashima, U.S. cyberwarfare force to grow significantly, defense secretary says, Washington Post, Mar. 28, 2014

See also http://www.defense.gov/news/newsarticle.aspx?id=121928