At least 30,000 victims in the United States.

A computer attack attributed to Chinese cybercriminals acting on behalf of Beijing has affected a wide range of organizations, including schools, small businesses, local government agencies, law firms, associations and police stations, several US media outlets have reported since Friday, March 5.

"It's massive. We are talking about thousands of compromised computers every day," said a former member of the US National Security, interviewed by the Wired site.

"It's an absolutely gigantic hack," Chris Krebs, the former head of the US Cyber Security Agency, added on Twitter.

This is a crazy huge hack.

The numbers I've heard dwarf what's reported here & by my brother from another mother (@briankrebs).

Why, though?

Is this a flex in the early days of the Biden admin to test their resolve?

Is it an out of control cybercrime gang?

Contractors gone wild?

pic.twitter.com/cA4lkS4stg

- Chris Krebs (@C_C_Krebs) March 6, 2021

Cyber espionage, and perhaps more

The operation reportedly started in early January 2021, according to Volexity, one of the first US cybersecurity companies to identify the threat.

Cybercriminals have exploited hitherto unknown flaws in Outlook's messaging server, Microsoft's email service.

Hackers first sought to act quietly and then attacked in all directions when Microsoft announced Tuesday, March 3, that patches would be applied to better protect Outlook.

Cybercriminals then attacked email servers all over the world, no longer just targeting the United States.

This is how they also gained access to the mailboxes of the European Banking Authority.

While the software giant has managed to tighten the security of its hugely popular email service, much of the damage has already been done.

"The Chinese already control everything that interests them", summarizes an expert in cybersecurity, interviewed by Wired.

Indeed, the patches deployed by Microsoft only protect against future intrusions.

In contrast, the Chinese hacker group - called Hafnium by Microsoft - can do whatever it wants on the more than 30,000 computers that have already been infected in the United States.

And what do they want?

"A priori, this is a classic cyber espionage operation targeting the United States," notes Guillaume Tissier, partner at the business intelligence and cybersecurity firm Avisa Partners, contacted by France 24.

"They have access to all messages exchanged within a very large number of organizations, and we know that this is where we find most of the sensitive data, such as attachments, or even complete lists of contacts," specifies Gérôme Billois, cybersecurity expert for the IT security company Wavestone, contacted by France 24.

But these cybercriminals can go further.

"Nothing prevents them from using the information they will recover to blackmail the victims," adds Gérôme Billois.

This type of attack also has a significant destabilizing effect.

"The cyber teams of companies and all of the country's IT security companies will be hard at work to identify all the victims and clean up all traces of this operation," indicates Guillaume Tissier.

“The risk is that during this time, vigilance drops on other fronts,” adds Gérôme Billois.

The White House will also organize an emergency meeting of government agencies to reflect on the best way to deal with this crisis situation, says the Washington Post.

"This operation underlines the systemic risk of the cyber threat because it shows the very strong dependence of companies and other structures on a small number of software", underlines Gérôme Billois.

In other words, the smooth running of tens of thousands of businesses is threatened by flaws in a single, very popular piece of software: Outlook.

The Chinese after the Russians

But it is also the second major computer attack against the United States since the victory of Democrat Joe Biden in the American presidential election of November 2020. Before the Outlook Exchange affair, there had been, in January 2021, the SolarWinds scandal, named after a software supplier that works with a large number of American administrations.

Hacking one of their programs had allowed hackers, possibly Russian, to spy on US government departments for several weeks.

"The last time the United States suffered almost simultaneously large-scale attacks from both Russia and China dates back to the start of Barack Obama's second term, in 2012," recalls Gérôme Billois.

The Chinese cyber threat was even one of the main items on the agenda of a US-China summit in 2015.

"What's going on? Are the other powers testing Joe Biden's resolve in the cyber domain?" asked Chris Krebs, the former director of the US Cybersecurity Agency.

For Gérôme Billois, the Wavestone expert, it may very well be that the Russians and Chinese seek to recover as much information as possible on the new administration in order to get off on the right diplomatic footing with the United States of the Biden era.

Especially since the geopolitical tensions between Washington and the other two great powers are at their height.

Moscow suspects that Joe Biden will be less conciliatory than his predecessor Donald Trump, while the new US president has signaled that he intends to continue to make life tough for Beijing commercially and technologically.

In this sense, cyber attacks are also "used as diplomatic and political weapons", summarizes Guillaume Tissier.

By ostensibly demonstrating that they can carry out attacks against American interests, they indicate that they know America's weak spots and that they are not afraid of a cyber arm-wrestling match.
