Posted on March 5, 2021 at 2:10 PM
Sometimes, news can sound like old spy thrillers. Many things can be said about the so-called “Dark Side” of the world, fraught with espionage, backstabbing, and secret societies. Some of these talks are arguments about whether that side of the world even exists.
Everyone has a different thought, and hopping on certain conspiracy groups can suddenly present you with “definitive” proof that the Soviet Union faked the US moon landing, among others.
Peeling Back The Curtain Somewhat
Now, however, is a time of real espionage: The US government has given out an emergency warning after Microsoft had reported that it caught China successfully hacking into Exchange, its mail, and calendar server program.
Now, this information was revealed by way of a blog post from Microsoft itself. In the blog post, it detailed how the hack itself was a 0-day exploit, meaning that it was an exploit not yet discovered by the general public.
The actors attacked various on-premise Exchange servers, which gave them access to various email accounts on top of installing additional malware to ensure long-term access to victim environments.
It was coordinated and precise, with the Microsoft Threat Intelligence Center (MSTIC) stating that it has high certainty the attack was done by HAFNIUM.
Actors Responsible Holds A History
Now, here’s where the plot thickens. HAFNIUM itself is a hacking group that was determined to be sponsored by the Chinese Communist Party (CCP) and operating within the nation of China itself.
According to MSTIC, this determination was done through observations of tactics, victimology, and procedures. Every entity has habits, and this Modus Operandi (MO) seems to point to HAFNIUM
HAFNIUM itself has been making a habit of targeting US industries in general. Everything from law firms to infectious disease centers to defense contractors, higher education institutions, NGOs and even policy think tanks are all part of HAFNIUM’s target list. Typically speaking, HAFNIUM does these operations through US-based VPNs, as well.
Another key aspect of HAFNIUM’s MO is the lack of “Ransomware”. It seems that, regardless of what they’re breaching, they exfiltrate the juicy bits of data to various data file sharing sites, such as MEGA, and don’t try to steal anything for monetary purposes. It seems the group has been quite active.
Through various other campaigns unrelated to the vulnerabilities exploited in this most recent hack, HAFNIUM has interacted with victim tenants of Office 365. Microsoft did state that user accounts typically fail to be exploited, but warned that all of this is a constant learning experience for the China-Sponsored hacking team.
US’s CISA Issues Emergency Warnings
It should be noted, however, that the vulnerabilities of the breach itself had already been plugged up by Microsoft.
As one would imagine, this kind of move really sets the ball rolling. It wasn’t long after the announcement from Microsoft that the US Cybersecurity and Infrastructure Security Agency (CISA) gave out an emergency directive about the matter at large. In this directive, CISA mandated any and all government agency to update their Exchange programs before Friday 12:00 PM
Some Important Differences Handling Accusations
Now, NBC News tried to come into contact with Washington’s Chinese Embassy, and their response is to refer to comments made by one Wang Wenbin, a spokesperson.
Wenbin stated that China as a nation has stated on numerous occasions that cyberspace’s virtual nature makes cyber-attack tracing a difficult matter indeed. This, Wenbin stated, is only compounded thanks to the sheer volume of malicious online actors that are out there.
The statement concluded that China hopes that both the media and the company in question shouldn’t do anything too rash, urging the adoption of a responsible, professional attitude about it all.
Indeed, the statement concluded by urging everyone to gather plentiful proof before making “groundless” accusations regarding the identification of these cyber-related incidents.
A very clean, non-incriminating, and purposefully vague denial of involvement.
At this point, it might be relevant to look back to 2016, where allegations were thrown against the Russian government for assassinating Alexander Litvinenko, a former KGB agent. Litvinenko was murdered through being poisoned by polonium-210, a radioactive substance that is, quite frankly, a horribly effective means of execution.
The Russians were at least cheeky about defending themselves, back then. The Kremlin warned that the conclusions regarding Russian Intelligence possibly being involved within the assassination might “poison” the relations between the UK and Russia. At least they had a little fun while denying everything they may or may not have done.