A series of espionage campaigns has been targeting government and private organizations in the U.S. It began with ‘SolarWinds,’ seemingly a Russian hacking campaign that started almost a year back.
It affected the operations and entered the systems of more than 9 U.S. government organizations, and the list of hacked private organizations goes on and on.
While the Russian SolarWinds incident was still unfolding, a Chinese hacking spree entered the game. The Chinese hacking firm Hafnium started attacking a vulnerability in Microsoft Exchange Server to get into victims’ mailboxes and beyond. The scale of these espionage sprees is still being measured; however, experts have said it may never be fully known.
Countries spy on one another all the time; the trend has always been this way. However, the kind of hacking that the Russians and the Chinese are carrying out against the Americans will continue to surprise everyone for a long time.
The Russians hacked into the IT management firm’s networks and altered versions of its ‘Orion’ network monitoring tool, leaving around 18,000 organizations exposed. The actual number of victims might be lower than this, but security experts still put it in the hundreds at least.
Senate Intelligence Committee chair Mark Warner said, “It’s become clear that there’s much more to learn about this incident, its causes, its scope, its scale, and where we go from here.”
Brandon Wales, Acting Director of the US Cybersecurity and Infrastructure Security Agency, stated in an interview with MIT Technology Review that “it could take up to 18 months for US government systems alone to recover from the hacking spree, to say nothing of the private sector.”
Estimating the scope of the Chinese hacking campaign is even less clear. Microsoft disclosed it on Tuesday; it was first spotted by the security firm ‘Volexity.’ Hafnium has been using numerous zero-day exploits, attacking previously unknown vulnerabilities in software. Hafnium broke into Exchange servers used to manage email accounts, including Outlook. Once there, they could conveniently go through all of the high-value email accounts.
Volexity founder Steven Adair said, “You wouldn’t fault anyone for missing this. They’re very targeted, and they’re not doing much to raise alarm bells.”
Volexity observed a major shift in the hackers’ behavior last week. It said that “hackers started using their Exchange server foothold to burrow deeper into victim networks aggressively.”
Adair said, “It was severe before; someone having unrestricted access to your email at will is in a sense a worst-case scenario. Them being able also to breach your network and write files steps it up a notch in terms of what someone can get to and how hard the cleanup can be.”
John Hammond, a senior security analyst, said that “It is apparent that these attacks are still ongoing, and the threat actors are actively scanning the internet in a ‘spray-and-pray’ type fashion, targeting whatever looks to be vulnerable.”
Despite the heavy discussion and growing knowledge of these hacking campaigns, neither the SolarWinds nor the Hafnium attacks have stopped, which makes restoring the systems to the way they were a distant dream for now. Meanwhile, the efforts to fight back seem as small as cleaning up the oil from a spilling oil tanker.