This week has been fairly monumental in the somewhat shady world of Cyber Geopolitics. Can we get our heads around any of it? Let us see.
The UK, US and EU have accused China of being the initial party behind attacks on internet-facing Microsoft Exchange servers which have affected 30,000 organisations globally.
In January this year, an alleged “Chinese-linked group (aka state sponsored)” called Hafnium used published exploit code to drop shells on vulnerable web servers for later use in access, lateral movement and exfiltration of data.
The Chinese cyber-espionage programme is well known to be driven by the acquisition of data, plans, trademarked or novel manufacturing processes, Government budgets and objectives. The net is wide, as are those of the Chinese fishing fleet. Catch it all and sort it out later seems to be the maxim.
Some of the very experienced, not to mention charming, Tiberium staffers have seen the Chinese nation state in action, and in fact have been responsible for the identification, monitoring and subsequent shutdown of some activities. We can assure you that the Chinese operate exactly in the manner above, are highly organised, ruthless and very, very sneaky.
As we mentioned last week, POTUS Biden is not messing around in calling out the Nation States, except for his own of course. He signed an executive order to mandate a Zero Trust model for US Federal Government Cyber Security back in May (good luck with that) and has been pressing the Chinese and the Russians in many ways. Or so it seems.
Fantastic timely news then, that Microsoft has gone “all-in” with Zero-Trust, confirmed at last week’s Inspire conference, as reported by your faithful Tiberium newshounds.
The Irish Health Service received complimentary decrypt keys after intervention and, this week, the management tooling software company Kaseya has been reported to have a “Universal Decrypter from a trusted third party”, which they claim not to have paid for. Hmm. So it is either the FBI, the CIA, the NSA, the GRU etc. etc. or lies.
As the story develops, a new character is introduced to the plot. As part of trusted family and friends, the Israeli NSO Group, which sells extraordinary hacking tools for mobile device surveillance, including zero-click infection, has come under scrutiny.
Obviously, we all knew this, but following a massive data leak including the names of the great and the good, we have the ‘Pegasus Project’:
‘The Pegasus Project is a ground-breaking collaboration by more than 80 journalists from 17 media organisations in 10 countries coordinated by Forbidden Stories, a Paris-based media non-profit, with the technical support of Amnesty International, who conducted cutting-edge forensic tests on mobile phones to identify traces of the spyware.’
Whoops. Even the Americans appear to be prepared to do something about it.
The fallout from all of the above is going to take a long time to shake out. Heads are going to roll, brinksmanship and statesmanship will be imperative, hopefully not reaching the proportions of Mutually Assured Destruction and the SALT talks, not to mention any historical attempt to control the Chinese.
Meanwhile, back in the less rarefied air of normal or ‘normalish’ business, we have to protect what we have. We believe that best practice configuration, automated detection and response with continuous innovation are the essential building blocks of modern security.
Now, the song.
China Crisis – Christian, written in 1982, starts with the following lines:
This is emotion
Emotion less war
It really is.
The NSO people of Cameroon (not Israel) are extremely Christian. China Crisis – Christian. Imagine?