According to the Associated Press, Kevin Mandia of FireEye said in response that the second wave of hacking attacks, which began on Feb. 26, had the hallmarks of elite cyber espionage on Beijing's part and far exceeded the norms of ordinary cyber espionage. In terms of scale, the attack is very different from the highly targeted nature of the first wave of hacks discovered in January of this year.
"You would never expect to see a modern state with offensive capabilities like the Chinese Communist Party – they usually use discipline to control and hide that capability –" Mandia said in an interview with The Associated Press on Tuesday (March 9), "– suddenly launch an attack on 100,000 systems."
Mandia said his firm's assessment, based on forensics, shows that two groups of hackers backed by the Communist regime have installed a large number of automatically seeded backdoors, known as "web shells," on a still-undetermined number of systems. Experts are concerned that the large number of backdoors could easily be exploited by criminals, who also use automation to identify and infect targets, for a second phase of ransomware infections.
Across the globe, cybersecurity teams are busy identifying and remediating hacked systems. On Tuesday (March 9), the National Governors Association issued a rare alert to state governors asking them to strengthen "awareness of the severity of the threat and the next steps to be taken by local governments, businesses and operators of critical infrastructure."
David Kennedy, CEO of cybersecurity firm TrustedSec, tweeted Tuesday that "resource-requesting programs for 'mining' cryptocurrencies are being installed on some threatened Exchange servers."
The White House has called the hack an "active threat," but so far Biden has not urged tough action against the Chinese Communist Party, nor has he distinguished between the two waves of attacks – at least not publicly. Neither the White House nor the Department of Homeland Security has commented on whether the second wave of hacking attacks should be blamed on the Chinese Communist Party.
Mandia has been dealing with hackers backed by the Chinese Communist regime since 1995 and has long been on the radar of presidents and prime ministers. Mandia's assessment is consistent with that of Dmitri Alperovitch, former chief technology officer of CrowdStrike, another Washington-area cybersecurity firm. Alperovitch said the Chinese Communist Party should be told immediately to shut down those web shell backdoors.
The wave of widespread hacks that automatically create backdoors began five days before Microsoft released its patches for the vulnerabilities, which cybersecurity firm Volexity had first discovered in late January of this year. The company found evidence that the vulnerabilities were exploited by hackers backed by the Chinese Communist regime as early as Jan. 3. The hackers targeted U.S. think tanks, universities, defense contractors, law firms and infectious disease research centers, the researchers said.
Suddenly, all organizations running email servers were being hit with web shell attacks linked to known Chinese Communist hacking groups, Mandia said. These hacker groups knew that patches were about to be released, so they rushed to attack everything they could.
In an interview at FireEye’s offices, Mandia commented, “It’s like they feel like their lives are about to end, so they get crazy.” “It’s like they strafed the entire network with machine guns.”
Mandia added, “The second wave of infection attacks may not have been approved by the highest levels of the Communist Party [regime].”
"This is inconsistent with what they normally do," he explained, "and very often there is a disconnect between the top leadership and the front-line executors. All I can tell you is that I was surprised to see four 'zero-day' vulnerabilities (zero days) being exploited with impunity." He added, "If you can be exploited by this attack, in most cases, you have been."
"Zero-day vulnerabilities," exploited in what are also called "zero-day attacks," are security flaws that are discovered and then immediately exploited for malicious purposes to pry open secret doors in software. They get their name from the countdown to patching that begins once the flaw is deployed against targets. In layman's terms, the flaw is exposed and the malicious program exploiting it appears on the same day, before any security patch exists, so defenders have had zero days to prepare. In this case, it took Microsoft 28 days to develop a patch after being notified.
Mandia said the large-scale hack would not trigger any critical infrastructure failures or cause loss of life. "It won't shed blood, but it highlights that there are no rules of engagement in cyberspace, something that governments urgently need to address 'before disaster strikes.'"
Asked on Monday (March 8) whether it was behind the incident, the Chinese Embassy in Washington noted that the Communist Party's Foreign Ministry spokesman Wang Wenbin had stated last week that the Communist Party "resolutely opposes and combats all forms of cyber attacks and cyber theft." He added that accusations of cyberattacks should be based on evidence, not "baseless accusations."
Mandia compared the Microsoft Exchange hack to the SolarWinds hacking operation, which his company discovered last December and which Washington blamed on elite Russian cyber intelligence operatives.
"The SolarWinds attack was very stealthy, very covert and very focused," Mandia said. "The hackers showed restraint in that they went for depth rather than trying to expand the scope." He has attended several U.S. congressional hearings on the SolarWinds hack. And "this attack (on Exchange) feels very broad in scope, but I don't know yet how deep it really is."
U.S. officials said at least nine federal agencies and more than 100 private-sector targets were affected by the SolarWinds hacking operation. The operation is named after the Texas-based company whose network management software was used to plant malware on more than 18,000 customers. Only a small percentage of those were actually hacked in the operation, which lasted eight months without being detected.
Mandia said Russian intelligence officers manually hacked into the networks of 60 to 100 different victims. Security researchers said telecoms, software companies and think tanks were particularly hard hit by the attacks.