The US Senate Intelligence Committee recently revealed that Chinese hackers were behind a massive cyberattack that compromised the email accounts of thousands of US State Department employees and other government agencies. The hackers exploited a vulnerability in Microsoft’s Exchange Server software, which is widely used by organizations to manage their email communications.
The breach, which occurred in late 2020 and early 2021, was part of a global campaign that affected tens of thousands of victims, including private companies, universities, and non-governmental organizations. The attackers used a zero-day exploit: they took advantage of a flaw in the software that was unknown to the vendor, and therefore to the public, so no patch or other fix existed at the time it was exploited.
According to the account, the attackers first gained a foothold in the State Department’s network through phishing emails sent to unsuspecting employees, which carried malicious links or attachments that installed malware on their computers. That malware gave the attackers remote control of the infected machines, from which they reached the Exchange Server; there they could read, modify, or delete emails, create new accounts, and install backdoors for future access.
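The persistence actions described above (new accounts, delegated mailbox access, backdoors for later return) leave traces in Exchange’s administrator audit log. The script below is an added example, not code from the article or from the committee’s report: it triages an audit-log export for those actions and groups them by the account that performed them. The CSV embedded in it is constructed for the example, and its column names (Caller, Cmdlet, CmdletParameters, ObjectModified, RunDate) are an assumption modelled on the fields Exchange’s Search-AdminAuditLog cmdlet returns; the list of cmdlets and parameters treated as suspicious is likewise the author’s choice for this example, not a list taken from the page.

```python
"""Triage an Exchange admin-audit-log export for persistence actions:
new mailboxes, delegated mailbox access, forwarding rules and role grants.

Added example. SAMPLE_AUDIT_CSV is constructed; its columns are an
assumption modelled on Search-AdminAuditLog output, not a format the
article specifies."""
import csv
import io
from collections import defaultdict

# Cmdlets that create accounts or grant lasting access to mail.
# This mapping is an assumption chosen for the example.
SUSPICIOUS_CMDLETS = {
    "New-Mailbox": "new mailbox created",
    "New-MailUser": "new mail user created",
    "Add-MailboxPermission": "mailbox access delegated",
    "New-ManagementRoleAssignment": "admin role assigned",
    "New-InboxRule": "inbox rule created",
    "Set-InboxRule": "inbox rule changed",
}

# Parameters that turn an ordinary Set-Mailbox call into a mail backdoor.
FORWARDING_PARAMS = ("ForwardingSmtpAddress", "ForwardingAddress",
                     "ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")

# Constructed sample export: one helpdesk account sets up forwarding,
# creates a service mailbox and gives it full access to a target mailbox;
# a second admin performs routine, benign changes.
SAMPLE_AUDIT_CSV = """Caller,Cmdlet,CmdletParameters,ObjectModified,RunDate
corp.example/Users/helpdesk01,Set-Mailbox,"Identity=jdoe; ForwardingSmtpAddress=smtp:relay@example.invalid",jdoe,2021-02-27 03:14:09
corp.example/Users/helpdesk01,New-Mailbox,"Name=svc_backup; UserPrincipalName=svc_backup@corp.example",svc_backup,2021-02-27 03:15:41
corp.example/Users/helpdesk01,Add-MailboxPermission,"Identity=ambassador; User=svc_backup; AccessRights=FullAccess",ambassador,2021-02-27 03:16:02
corp.example/Users/admin02,Set-Mailbox,"Identity=jsmith; ProhibitSendQuota=2GB",jsmith,2021-02-26 15:02:33
corp.example/Users/admin02,Get-Mailbox,"Identity=jsmith",jsmith,2021-02-26 15:01:10
"""


def parse_audit_export(text):
    """Parse a CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def flag_row(row):
    """Return a short reason if the row is a persistence action, else None."""
    cmdlet = row["Cmdlet"]
    params = row["CmdletParameters"]
    if cmdlet in SUSPICIOUS_CMDLETS:
        return SUSPICIOUS_CMDLETS[cmdlet]
    # Set-Mailbox is routine unless it configures forwarding.
    if cmdlet == "Set-Mailbox" and any(p in params for p in FORWARDING_PARAMS):
        return "mailbox forwarding set"
    return None


def triage(text):
    """Group flagged actions by caller, preserving export order, so a burst
    of changes from a single account stands out."""
    findings = defaultdict(list)
    for row in parse_audit_export(text):
        reason = flag_row(row)
        if reason:
            findings[row["Caller"]].append(
                (row["RunDate"], row["Cmdlet"], row["ObjectModified"], reason))
    return dict(findings)


if __name__ == "__main__":
    for caller, actions in triage(SAMPLE_AUDIT_CSV).items():
        print(caller)
        for when, cmdlet, target, reason in actions:
            print(f"  {when}  {cmdlet:<24} {target:<12} {reason}")
```

Running it against the constructed export flags only the helpdesk account, with three actions in sequence: forwarding set on one mailbox, a new service mailbox, and full access to a third mailbox granted to that new account. Grouping by caller is the point: any one of those changes can be legitimate on its own, but the same account doing all three within minutes, at 03:14 local time, is the pattern an analyst wants surfaced.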
According to the Senate Intelligence Committee, the hackers stole about 60,000 emails from the State Department, including some that contained sensitive information about US foreign policy and national security. The committee also said that the hackers targeted other agencies, such as the Department of Homeland Security, the Department of Defense, and the National Institutes of Health, but did not specify the extent of the damage.
The committee blamed the Chinese government for sponsoring the cyberattack, saying that it was consistent with its “long-term pattern of reckless and aggressive behavior in cyberspace”. The committee also criticized the US government for its slow and inadequate response to the breach, saying that it failed to detect, contain, and mitigate the attack in a timely and effective manner.
The committee recommended several measures to improve the US cybersecurity posture, such as:
- Increasing the resources and authorities of the Cybersecurity and Infrastructure Security Agency (CISA), which is responsible for protecting the federal civilian networks.
- Enhancing the coordination and information sharing among federal agencies, as well as with the private sector and international partners, to prevent and respond to cyberattacks.
- Strengthening the oversight and accountability of the federal agencies that manage their own IT systems, such as the State Department, and ensuring that they comply with the cybersecurity standards and best practices.
- Updating and enforcing the federal laws and regulations that govern the cybersecurity of the critical infrastructure sectors, such as the energy, transportation, and financial services industries.
- Developing and implementing a comprehensive and coherent strategy to deter and respond to the cyber threats posed by China and other adversaries.
The committee also urged Microsoft to improve the security and reliability of its products, especially the Exchange Server, which is widely used by the US government and other organizations around the world. The committee said that Microsoft should:
- Provide timely and accurate information to its customers and the public about the vulnerabilities and patches of its products, and ensure that they are widely and easily available.
- Conduct regular and rigorous security audits and testing of its products, and fix any flaws or bugs as soon as possible.
- Collaborate with the government and the security community to identify and address the emerging cyber threats and challenges, and share the best practices and lessons learned.
- Support the victims of the cyberattack and help them recover and restore their systems and data.
The committee concluded that the Microsoft hack was a “wake-up call” for the US government and the private sector to take cybersecurity more seriously and urgently, and to work together to defend the nation’s interests and values in cyberspace. It said that it would continue to monitor and investigate the cyberattack and its implications, and to hold the responsible parties accountable.