Mar 9, 2021 - Technology

Cyber war scales up with new Microsoft hack

Illustration: Aïda Amer/Axios

Last week's revelation of a new cyberattack on thousands of small businesses and organizations, on top of last year's SolarWinds hack, shows we've entered a new era of mass-scale cyber war.

Why it matters: In a world that's dependent on interlocking digital systems, there's no escaping today's cyber conflicts. We're all potential victims even if we're not participants.

The big picture: Until recently, sophisticated, state-backed hacks were typically aimed at narrow targets. Now, harm from the new nation-state cyber-fights is regularly spilling over to unprecedented numbers of companies, organizations and individuals. 

  • The SolarWinds attack that surfaced late last year, widely attributed to a Russian government-backed group, compromised networks at the Treasury, State, Defense and Commerce departments along with as many as 18,000 companies and institutions and left a long tail of dangerous uncertainties in its wake.
  • The new incident — targeting flaws in Microsoft's Exchange Server, widely used by small and medium-sized companies and organizations — affected 30,000 U.S. Exchange customers and many more around the world, according to Brian Krebs of Krebs on Security. Microsoft pinned the attack on a new group it dubbed Hafnium that it tied to the Chinese government.

What they're saying: Experts exhausted their supply of adjectives in assessing the Exchange incident's scope.

  • "This is a crazy huge hack," tweeted Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency.
  • The number of victims was "astronomical" and "China just owned the world," one researcher told Wired's Andy Greenberg.

Details: Microsoft issued a patch last week that customers have been scrambling to install. The patch will prevent further intrusions, but won't close up back doors previously installed by the hackers.

  • That means a lot of Exchange shops are going to be waiting for another shoe to drop, and their security teams are going to be working overtime to prevent that.

Catch up quick: Hacks of yore regularly affected vast numbers of systems — from 1999's Melissa virus, passed along by infected Microsoft Word documents in email attachments, to 2017's Wannacry ransomware epidemic.

  • These attacks sometimes, as with Wannacry, made use of government-developed tools and techniques that had leaked into the wild. But they almost always were the work of petty criminals or hobbyists.
  • When governments sponsored attacks, they chose their targets with more precision — at least, that's been the assumption until now.

Our thought bubble: Cyber conflict's trajectory from a contained, specialized arena toward one that touches lives around the planet mirrors the one that Western warfare itself has followed in recent centuries.

  • Professional armies fought small-scale conflicts in the 18th century. But then revolutionary France conscripted a broad swath of the public, William T. Sherman brought war home to the plantations of the American South, and by the 20th century military activities became impossible to confine to some defined battlefield.
  • The same progression is taking place on today's fields of online conflict. Governments increasingly pursue their ends not with surgical pinpoint attacks but instead with broadly disruptive digital campaigns that can include everything from theft and ransom to sabotage and shutdowns.

Yes, but: The fog of cyber war means that it's always hard to be 100 percent certain who to blame for a particular attack.

  • Some experts suspect, per Reuters, that the state-backed Chinese group that started the Exchange attack may have later been joined by other groups.

In the case of SolarWinds, U.S. victims and authorities didn't pick up on the intrusions until long after they'd happened. The Exchange break-in was caught earlier, providing some hope for better containing its damage. But as with SolarWinds, its impact is likely to unfold slowly over time and in shadows.

The Biden White House, already weighing sanctions or counterattacks as retaliation for Russia's involvement in SolarWinds, now faces a similar choice with China.

  • For a response to be effective or credible as a deterrent, it doesn't matter whether we hear about it — what counts is for the adversary to see and know what the U.S. can do.

The bottom line: Cybersecurity analysts emphasize that, in this latest hack as in so many others, we may never know exactly who is to blame, who was targeted, and who got caught in the crossfire.