Hidden in the basic infrastructure that runs the US military is a powerful piece of Windows-borne Chinese malware that can disrupt the communications systems, power grids, and water supplies at the military’s bases around the world. One US congressional aide calls it a “ticking time bomb” that, as The New York Times put it, “could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to US military bases.”
The ultimate impact could be even worse, the newspaper notes, because businesses and people use the same infrastructure.
That’s not the only successful Chinese hack of Microsoft products targeting vital US institutions. Another targets Outlook and the cloud and has been used to break into the email accounts of US Commerce Secretary Gina Raimondo and various State Department officials. According to Microsoft, the hack, called Storm-0558, “focuses on espionage, data theft, and credential access.”
These kinds of government-targeted hacks of Microsoft products have happened before. But this time, the response from the US government might be different. In the past, the company suffered no consequences from the attacks. Now, Congress might investigate — and one prominent senator has already urged multiple federal agencies to investigate Microsoft for breaking the law because of its negligence.
Hacking Outlook emails
The Chinese email hack didn’t target the US military; it was aimed instead at federal institutions that could harm or help the Chinese economy. The most influential victim, Raimondo, heads the agency that banned the export of US technologies that it claims help the Chinese military and are used to violate human rights. Among the banned products are semiconductor chips used for artificial intelligence and supercomputers.
Beijing leaders have complained loudly that the ban is a form of economic warfare. Behind the scenes, though, it’s been doing more than complaining. It’s hacked into the accounts not just of Raimondo, but also, the Washington Post reports, “the email accounts of a congressional staffer, a U.S. human rights advocate and U.S. think tanks.”
The FBI claims that no classified information was accessed or stolen. That doesn’t mean the breach isn’t serious, though. Being able to read the private emails of Raimondo, State Department officials and others could offer China a tremendous amount of inside information about US plans for dealing with China in the future.
Former officials said the hack “would have allowed Beijing to see into diplomats’ planning for a succession of high stakes visits to China in June and July by U.S. cabinet members, including Secretary of State Antony Blinken, Raimondo and US Treasury Secretary Janet Yellen,” according to Newsweek.
The hack forged authentication tokens used by Outlook Web Access in Exchange Online (OWA) and Outlook.com, allowing Chinese…
2023-08-17 12:00:03
Original from www.computerworld.com