This is a blog dedicated to a personal interpretation of political news of the day. I attempt to be as knowledgeable as possible before commenting and committing my thoughts to a day's communication.
"APT 40 almost certainly consists of elements of the Hainan State Security Department's regional MSS office."
"This group's cyber activities targeted critical research in Canada's defence, ocean technologies and biopharmaceutical sectors in separate malicious cyber campaigns in 2017 and 2018."
Global Affairs Canada
"Responsible states do not indiscriminately compromise global network security nor knowingly harbour cyber criminals -- let alone sponsor or collaborate with them."
U.S. Secretary of State Antony Blinken
Canadian Foreign Minister Marc Garneau speaks during a meeting with US Secretary of State Antony Blinken, at the Harpa Concert Hall in Reykjavik, Iceland, Wednesday, May 19, 2021, on the sidelines of the Arctic Council Ministerial summit. (Saul Loeb/Pool Photo via AP)
Global Affairs Canada (Department of Foreign Affairs) has finally, publicly, named China's Ministry of State Security as the state actor responsible for organizing and orchestrating an extensive hack on Microsoft email software earlier in the year. Canada, its allies and their intelligence agencies have a high degree of confidence in charging the state intelligence agency with involvement in the attack. Canada also linked a regional office within the Ministry of State Security which had targeted Canada's defence, biopharmaceutical and oceanic technology sectors in a series of attacks beginning in 2017 and extending into 2018.
Puzzlingly, with this knowledge and the ongoing warning by Canada's own intelligence agencies against China's cyber attacks, official Canada still made allowances for China and continued permitting Beijing to interfere with Canada's internal affairs, from harassing Chinese-Canadians to persuading Canadian universities to sign on to Chinese cultural programs financed by Beijing and buying out critical Canadian resource companies, leaving Canadian scientists working out of universities and official governmental scientific arms to sign contracts with and cooperate with Chinese research institutes and scientists.
Canada appears finally to have surrendered its fascination with China's vast outreach, with the wealth that can be gained in free trade agreements with the trade behemoth, and with the urgency of Canadian corporations to invest in China, including production and sharing of trade secrets, for the promise of access to its vast market and the profit to be made therein. The massive hack of Microsoft email, in which over 400,000 servers were infiltrated, causing widespread shutdowns forced on government and corporate operations, led to Canada and its allies casting aside kid gloves.
Microsoft described the company involved in the attack as a state-backed hacking group it referred to as Hafnium, involved in attempts to steal information from defence contractors, law firms and infectious disease experts. Canada, the U.K., the European Union, Japan, Australia, New Zealand and the North Atlantic Treaty Organization, joined by the United States, all contributed to statements blaming China's MSS agency for the worldwide cyber attacks.
The Canadian Centre for Cyber Security is urging organizations to protect businesses that use the Microsoft Exchange server because of a massive hack aimed at stealing data. CBC
Global Affairs Canada identified the Microsoft attack as having likely been the work of the Advanced Persistent Threat Group 40 (APT40), a group with direct ties to the People's Republic of China, described as a "highly sophisticated" network able to achieve "sustained, covert access to Canadian and allied networks beyond the compromising of Microsoft Exchange servers". A 2018 strategic cyber-attack by China attempted to secure data from myriads of foreign governments, at which time a similar communication was aired.
The United States, in joining forces with the other nations impacted by China's hacking, has committed to instituting remedial steps to counter the hostile cyber activities. Foreign Minister Dominic Raab of the United Kingdom spoke of "irresponsible cyber activity emanating from China", even as Australian Foreign Minister Marise Payne spoke of "serious concerns about malicious cyber activities by China's Ministry of State Security."
Four Chinese nationals with links to the Ministry of State Security's campaign to hack into computer systems of dozens of companies, universities and government entities in the U.S. and abroad between 2011 and 2018, were charged in the U.S. Monday, the indictment alleging the hackers targeted Ebola vaccine research among other areas. Competition with China, according to President Biden, appears one of the defining challenges of the century for the U.S.
Western governments said on Monday they are highly confident that hackers under the control of China’s Ministry of State Security breached the security of Microsoft Exchange, affecting 400,000 e-mail servers worldwide. Steven Senne/The Associated Press
When the Biden administration decided to leave in place the former Trump administration's tariffs, the Chinese were taken by surprise, as well as being infuriated when the U.S. threw its support behind an Australian demand on the world community, through the United Nations, to have the World Health Organization conduct a deep review of how the COVID-19 pandemic began, and whether a leak from a laboratory in Wuhan might have been involved in the release of a deadly virus.
Canada's Communications Security Establishment issued over 2,500 foreign intelligence reports in 2020 to "alert and inform" officials from 28 departments and agencies of attempted cyber attacks. It was hard put to provide aid to the Government of Canada or its critical infrastructure partners on no fewer than 2,206 occasions, including 84 incidents "affecting Canada's health sector", last year. "Espionage and foreign interference activity at levels not seen since the Cold War" was identified in a separate study by CSIS, involving for the most part Chinese and Russian-backed actors.
Joe Biden and Chinese president Xi Jinping were all smiles in this file photo from when they met in 2013. President Biden now blames Chinese interests for a massive hack of the Microsoft Exchange server earlier this year. (Lintao Zhang/Reuters)
"At this point, the number of potentially accessed O365 mailboxes appears limited to around three-percent"
"We have no indication that any classified systems were impacted."
Marc Raimondi, spokesperson, U.S. Department of Justice
A US Department of Justice seal is displayed on a podium during a news conference. (Photo by Ramin Talaie/Getty Images)
The U.S. Department of Justice revealed on January 6 that it too had been infiltrated by malign hackers, presumed to be in service to the Russian Federation. They now are among other key government departments and institutions of the United States of America who have had the gross misfortune to have been cyber-hacked, their anti-hacking systems obviously not up to par, enabling foreign governments to access classified documents, secret data not meant to be seen by any foreign agents. These infiltrations are long in the tooth, estimated to have taken place a full nine months earlier, able to extract at their leisure the data they want, and to leave behind little gifts of intrusively wicked software.
The list of those government departments and American corporations impacted by this hugely successful cyber-hacking is both impressive in its scope and beyond alarming in its potential fallout, leaving the United States at the mercy of a malignant actor should it wish to use what it has extracted for malevolent purposes, and there is no reason to suppose it might not. The very width and breadth of the cyber-operation speaks of its ambition and ruthless capability. The question burning in everyone's mind is what the ultimate disposition of the gathered intelligence will represent.
The US Treasury Department
The US Department of Commerce's National Telecommunications and Information Administration (NTIA)
The Department of Health's National Institutes of Health (NIH)
The Cybersecurity and Infrastructure Agency (CISA)
The Department of Homeland Security (DHS)
The US Department of State
The National Nuclear Security Administration (NNSA)
The US Department of Energy (DOE)
Three US state governments
City of Austin
Many hundreds more, such as Cisco, Intel, VMware, and others.
"The installation of this malware created an opportunity for the attackers to follow up and pick and choose from among these customers the organizations they wanted to further attack, which it appears they did in a narrower and more focused fashion. While investigations (and the attacks themselves) continue, Microsoft has identified and has been working this week to notify more than 40 customers that the attackers targeted more precisely and compromised through additional and sophisticated measures."
"While roughly 80% of these customers are located in the United States, this work so far has also identified victims in seven additional countries. This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the UAE in the Middle East. It’s certain that the number and location of victims will keep growing."
Microsoft
Initially, problems came to light with a classic textbook supply chain attack, when computer users downloaded an update for network monitoring software, a SolarWinds product, from a company with an enormous consumer base. SolarWinds was the original victim when hackers implanted malicious code into its software updates, thus creating backdoor access into its tens of thousands of customers' networks. The hack was operational and unnoticed for nine months.
Cybersecurity company FireEye and three federal agencies, the Departments of Commerce, Energy and Treasury, had in mid-December admitted publicly that they were seriously affected. Also vulnerable was the office of the Secretary of State and Homeland Security. SolarWinds has updated its software, but that accomplishes nothing to ameliorate the incalculable damage done to government agencies and private institutions through this unique-in-scope-and-duration hack. "Just because you closed the intrusion doesn't mean that you solved the problem", Neil Jenkins, chief analytic officer of the Cyber Threat Alliance, observed of an attack that went undetected for nine months.
Those affected organizations have two unappealing options before them, quite apart from being in the dismal dark over what they've lost and what the future will bring with respect to the impact of the cyber breach. Corrective action on their systems will allow them a choice between endlessly, frustratingly searching manually through their computers, hoping they might be able to eradicate all imprints left by the hackers, or selecting the tedious choice of abandoning the mess they've been left with and rebuilding from stage one onward.
Few of those affected by the cyber breach are prepared to admit how badly their operations may have been maimed. It is embarrassing that their security was breached, and even more so that there was no discovery and rectification until so many months had passed; they still would not have realized the breach and the damage had not an incidental discovery been made of a malfunction traced to SolarWinds. To disclose publicly the extent of the carnage to their systems would represent a self-harming disclosure.
"The coming months will present a critical test, not only for the United States but for other leading democracies and technology companies. The weeks ahead will provide mounting and we believe indisputable evidence about the source of these recent attacks. It will become even clearer that they reflect not just the latest technology applied to traditional espionage, but a reckless and broad endangerment of the digital supply chain and our most important economic, civic and political institutions. It is the type of international assault that requires the type of collective response that shows that serious violations have consequences."
"If there is a common lesson from the past few years, it’s the importance of combining ongoing learning with new innovations, greater collaboration, and constant courage. For four centuries, the people of the world have relied on governments to protect them from foreign threats. But digital technology has created a world where governments cannot take effective action alone. The defense of democracy requires that governments and technology companies work together in new and important ways – to share information, strengthen defenses and respond to attacks. As we put 2020 behind us, the new year provides a new opportunity to move forward on all these fronts."
Microsoft
Federal Cybersecurity and Infrastructure Security Agency head Chris Krebs had been criticized by the Homeland Security Department's watchdog for "poor intelligence sharing with its private and public partners and weak information security for its own system". General Paul Nakasone, head of the National Security Agency and the U.S. Cyber Command, had stated back in February of 2020 that U.S. teams were "Understanding the adversary better than the adversary understands themselves."
The Foundation for Defense of Democracies, a think-tank based in Washington, has suggested a strike-back by the United States, engaging in hacking and releasing information about President Vladimir Putin's personal wealth to shame him for the digital attacks against the United States. On December 27 Mr. Putin gave praise to the work of SVR officials: "extremely important" work, given "the difficult professional operations that have been conducted". There isn't much that Mr. Putin feels shame for, and acquiring personal wealth surely isn't one of those incidentals for which he would feel shame.