Microsoft hacked again in massive attack, China’s cyber espionage energy “soars”

U.S. technology giant Microsoft Corp. reported Tuesday (July 13) that its software system, SolarWinds, was subjected to a massive attack by a Chinese hacker group.

The Microsoft Threat Intelligence Center (MSTIC), a division of Microsoft, said it had a high degree of confidence that the hacking group was a hacking group from China but operating outside the country.

MSTIC said the group’s choice of targets, methods and procedures for carrying out the attack all support this determination.

This is the latest in a series of large-scale hacking attacks on Microsoft. In March, Microsoft’s email system Outlook was hit by a massive hack that affected hundreds of thousands of mailboxes at U.S. businesses, government agencies and schools. U.S. media said the attack came from a Chinese cyber espionage group that successfully implemented the attack by exploiting a vulnerability in Microsoft’s Microsoft Exchange software.

Microsoft Corp. said Tuesday that in this latest hack, hackers targeted vulnerabilities in Microsoft’s Sunwind software system to launch the attack. Microsoft said the flaw in Microsoft’s server software, if successfully exploited by hackers, they would be able to install and run malicious load software in Microsoft’s systems, which could access and modify data.

Microsoft said the investigation is ongoing. The investigation found that the hacking group targeted a number of organizations in the U.S. military’s research and development and software fields. Microsoft said the hacking group is a “development team,” and now Microsoft has confirmed the identity of the hackers in the group, and the hacking of the affected departments to inform and provide the necessary support.

Sunwind Software said it had received a notification from Microsoft’s security department. The vulnerability in the company’s software is related to the way its products are hosted for file transfer and encrypted file transfer. The company said the relevant vulnerabilities have been patched.

Cyber attacks by Chinese hackers on the U.S. government, technology companies, and vaccine research and development facilities have become more frequent in the last two years. Last September, U.S. federal prosecutors filed a lawsuit against five Chinese nationals for alleged cyberattacks on more than 100 U.S. and overseas companies and institutions, including social media companies, universities and telecommunications providers. U.S. officials say the individuals appear to have ties to Chinese intelligence.

The Insikt Group, a research arm of Recorded Future, which specializes in cybersecurity research, released a report last month saying that China’s cyber attack force, a combination of the People’s Liberation Army and the Ministry of State Security, has catapulted China from a “second-tier” cyber threat country to a “world-leading cyber threat” in more than a decade. “the world’s top cyber threat.

James Andrew Lewis, director of the science and technology program at the Center for Strategic and International Studies, a major Washington-based U.S. think tank, said China’s cyberattack capabilities have made significant “advances” over the past decade and that “they are a major source of espionage attacks against the United States. They are a major source of espionage attacks against the United States.”