Microsoft Exchange hack could change the course of US–China relations

The Strategist, 18 March 2021

The hack of Microsoft’s Exchange server software, which centrally manages email and calendars for businesses, threatens to be a bonanza for cybercriminals and may alter the course of US–China relations under the Biden administration.

State-based cyber espionage typically—barring money-focused North Korean hacking—follows a standard playbook with its own internal logic: governments have intelligence requirements, their agents break in and steal information, sooner or later (and sometimes much later) the agents get caught and systems are cleaned of malware, and the cycle repeats. The score changes with intelligence wins, but the game stays the same.

The ongoing Chinese exploitation of Microsoft Exchange servers is different. Has the game changed?

In late 2020, Orange Tsai, a Taiwanese security researcher, discovered a series of four separate bugs that could be strung together to seize control of a Microsoft Exchange server.

This kind of vulnerability is about as bad as it gets. Not only is email an intelligence agency’s highest priority, but Exchange servers are particularly valuable real estate from which to move further into a network. The Microsoft-hosted cloud version of Exchange is not vulnerable, so, ironically, the customers that chose to run their own Exchange servers because of concerns over the security of cloud services find themselves uniquely exposed.

Orange reported these findings to Microsoft so they could be fixed, but before he’d even submitted his report to the company’s security response centre, this series of bugs was being exploited ‘in the wild’—that is, they were already being used for cyber espionage.

Microsoft reported that a Chinese state-sponsored group the company calls Hafnium was using these techniques to take control of Exchange servers, to steal email, files and credentials, and to set up persistent access (commonly known as backdoors) to the compromised network for future exploitation.

Independent discovery of bugs is surprisingly common. The high-profile Spectre and Meltdown processor bugs were more or less simultaneously discovered by three independent groups, and research has found that, in a particular set of vulnerabilities, about 6% were independently discovered within a year.

It’s still possible that cyber espionage activity in early January was the result of independent discovery, but by late February Orange’s bug discoveries were being used by other cyber actors; at least one of these groups was using exploits with significant similarity to Orange’s prototype code, including his use of ‘orange’ as a password.

How did Orange’s discovery make it into the hands of a Chinese espionage group? Taiwan is a perennial target of Chinese espionage (of all kinds, not just cyber espionage), and security researchers make tempting targets because any techniques they discover can be stolen and put to use. But Microsoft itself is also a potential source of the leak and is reportedly investigating avenues of vulnerability, particularly its Microsoft Active Protections Program, which gives a trusted cohort of companies advance access to security information so that they can prepare defences.

In any case, within days of Orange’s discovery Exchange servers were being exploited by Chinese espionage groups. In what would normally have been a cybersecurity success story, this quiet exploitation was almost immediately detected independently by two separate security companies, both of which also informed Microsoft.

In the normal course of state-sponsored espionage, this kind of measured and covert exploitation of vulnerabilities for intelligence-gathering would have continued until Microsoft issued a fix, and the opportunity for intelligence gains would have disappeared as organisations updated their systems.

But in a deviation from the ‘normal’ playbook, as Microsoft was preparing to issue its patch, exploitation of the vulnerability accelerated, with multiple groups automatically and indiscriminately using it on any susceptible server.

There are claims that up to 10 different cyber espionage groups are involved, many of them with links to China, but cybercriminals are also taking part.

Not only was this hacking indiscriminate, affecting 30,000 servers in the United States and potentially hundreds of thousands globally, but the hackers also left these servers open to further abuse by other malicious groups by installing open webshells, backdoors that allow a compromised server to be controlled simply by using a web browser.

Cybercriminals are already taking advantage of these pre-compromised servers to launch ransomware attacks. Ransomware groups have refined their tactics over the last year and payments in the millions of dollars are not uncommon. Given the sheer number of companies affected, it’s possible that the total lost to ransoms may well be in the hundreds of millions to billions of dollars, in addition to the network remediation cost.

At this stage, there has been no official US statement on who is ultimately responsible for the mass hacking of Exchange servers. Determining a chain of events and assigning responsibility will be key to any official response. There’s a spectrum of possibilities ranging from the deliberate to the coincidental: perhaps China deliberately exploited this bug at scale; perhaps loosely controlled contractor groups went rogue; perhaps the technique was deliberately shared with criminal groups; perhaps it was available for sale within criminal markets; or perhaps it was leaked during Microsoft’s remediation process.

At the most incendiary end of the spectrum of possibilities, a deliberate decision by China to mass-exploit servers would drastically affect Washington’s approach to dealing with Beijing. In the short term, the US would assemble a broad coalition of affected countries (likely all countries are affected) to launch a robust diplomatic and economic response, but perhaps more importantly attitudes would harden within the administration and it would embed hard-edged combativeness into all US–China decision-making. There is also the worrying possibility that if a deliberate Chinese operation is proven, this episode will change the game so that states become willing to carry out cyber operations without conducting the due diligence to avoid collateral damage and destructive side-effects.

If responsibility is sheeted home to rogue contractors, the administration would take a ‘get your house in order’ response and diplomatic pressure would be applied to bring China-based cyber proxies under control. Building a broad coalition of countries is also key here, but such a move should include more public indictments to reveal the linkages between the Chinese state and cyber espionage groups. Although deterrence by embarrassment doesn’t seem to have worked in the past, the global and (likely) destructive consequences of the hack raise the stakes considerably.

If it’s found that ultimate responsibility lies with criminal groups (that is, the Chinese state exploited the bug, but criminal groups independently discovered or bought it and engaged in mass exploitation), the response would be two-pronged. One arm of action would focus on operations that deter and hamper cybercriminal groups, including law enforcement action and offensive cyber operations. A second arm would focus on the ongoing efforts to improve the level of cybersecurity resilience across the whole economy through strong regulation.

Within a month of the discovery of the recent SolarWinds hack, the US issued an official statement that the perpetrators were ‘likely Russian’. The fallout from the Exchange hack will continue over many months, but official statements that hint at or assign responsibility will be key indicators as to how the US government, and the world, will respond.

Author: Tom Uren. Published by The Strategist, ASPI’s analysis and commentary site.