March 2021 saw Microsoft’s mail server Exchange infiltrated by the Chinese operator Hafnium.

The attack saw Hafnium create web shells, an interface that allows remote access to and control of a web server. This comes not long after it was discovered that Russia had hacked at least 6 government departments. These latest developments are emblematic of Russia’s and China’s approach to the US: cyber attacks now form an integral part of their anti-US covert operations. With enhanced capabilities, each nation can gain access to private information whilst simultaneously undermining the US.

Accordingly, the US and Microsoft must formulate a plan of action. This is, however, more complex than might first appear.

The response

In a blog post, Microsoft addressed the attack directly:

‘Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.’

The loss of data is yet to be fully ascertained, but it is thought that tens of thousands of US organisations were affected. The hackers have been exploiting four flaws in Microsoft’s Exchange software, allowing them to access emails and read them without authorisation.

As more details of the hack emerge, the more worrying it becomes. It appears that Microsoft, the world’s second-largest tech company with a value of $327 billion, had its security compromised with relative ease. The ease of access can be somewhat attributed to Microsoft’s failure to decisively act on vulnerabilities found in January by cyber security firms Volexity. Microsoft offered a patch for these weaknesses, but, given the advanced techniques employed by the hackers, it provided limited protection.

The concerns for Microsoft, and indeed other tech giants, do not end with the simple hack. As news of the security breach filtered into the news cycle, it was revealed that the hackers had used “four never-before-seen hacking techniques” to gain access to the email servers. The novelty of these techniques indicates that, no matter how advanced the security measures are, hackers have the tools at their disposal to break through them.

Firms must now contend with trying to protect themselves and their users against an invisible foe whose plans of attack are becoming increasingly advanced. To that end, the challenge is to anticipate attacks and defend against them without knowing what to expect.

Losing China?

This latest hack is evidence of the credible threat posed by China to cyber security. In turn, it accelerates the timeline for deciding whether action needs to be taken against China. In the aftermath, the White House described the overall hack as an ‘active threat’, but a decision on sanctions against China is yet to be taken. Instead, the US National Security Council urged any organisation whose security had been breached to take immediate action rather than simply patching.

The US has long accused China of conducting cyber espionage against them, although this is a claim against which Beijing has firmly pushed back. The predictable fallout from these events does little to hide the escalating tensions between the world’s two largest economies. In what might be considered a surprising turn, the Biden is deeming offence as its best defence. The US has already launched several cyber security attacks against Russia as retaliation after the SolarWinds attacks. Now, China could face a similar response, serving as a reminder that China is not immune to cyber attacks.

Although the US government has been bullish in its condemning of China for its attack, Microsoft faces a more delicate balancing act when it comes to China going forward. Despite this hack, Microsoft still views China as part of the company’s future, having entered the Chinese market in 1992. Indeed, China remains a strategic marker for Microsoft, an unsurprising move, given the success of Microsoft in China: Bing is the only foreign search engine used in China. Accordingly, taking aggressive action against China jeopardises the progress Microsoft has made there.

A ‘lose-lose situation’?

China can expect repercussions for this hack, even though it has denied its role in the affair. That said, this should not be considered as the beginning of a cyber war between the US and China. This is espionage. To that end, it is not a question of launching an all-out offensive against China, and also Russia, since these two nations have sought to break the US hegemony in the cyber world.

This will be a conflict conducted in the shadows, with each side looking to exploit the weaknesses of the others. However, the escalation in cyber espionage could come at the expense of firms such as Microsoft. As has already been evidenced, Microsoft risks being the unwitting victim as the US and China compete for cyber dominance. The choice they face, therefore, is how to adequately protect themselves without losing their place in the Chinese market. Whether this can be achieved remains to be seen. Nevertheless, the importance of advanced cyber security is growing and it is incumbent upon others to stand up and take notice or risk becoming victims themselves.

About the Author: James Hingley

James Hingley is a contributing Features Writer with extensive expertise in International Relations, Politics and Culture.