A new report by the US National Security Agency (NSA), Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI) reveals just how difficult, if not impossible it is, to fix cyber vulnerabilities caused by Chinese-supported intrusions.
It does not offer an alternative to current-day computing networks and is indifferent to Cloud-based networks as being any more secure than wired networks.
The bottom line is that the critical infrastructure, which includes key industries, business, government and military systems, remains hostage to Chinese hacking and represents a major national security danger to the US and its allies, far surpassing the Russian ransomware attacks that also have hit some infrastructure targets.
The report is titled “Chinese State-Sponsored Cyber Operations: Observed TTPs.”
A key finding of the report is the massive intrusion of Microsoft Exchange servers, which Microsoft advertises as “efficient and secure.” The report makes clear this is not the case.
The Microsoft Exchange server supports Microsoft 365, which includes the Microsoft product line including Office, Skype for Business, PowerPoint, Planner, some Mobile Apps and Outlook email. It is cloud-based.
On July 6, the US Defense Department canceled a US$10 billion master cloud contract with Microsoft under a program called JEDI (Joint Enterprise Defense Infrastructure). While all public reporting has pointed to a dispute between the government and Amazon, a competitor for the JEDI contract, by July the DOD would have been well aware of Chinese hacking and Microsoft’s vulnerabilities, as the NSA is run by the Defense Department.
TTPs are jargon for “tactics, techniques and procedures” and refers to the different ways China and hackers China hires to carry out attacks on “US and allied political, economic, military, educational and critical infrastructure (CI) personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property and personally identifiable information (PII).
“Some target sectors include managed service providers, semiconductor companies, the Defense Industrial Base (DIB), universities and medical institutions. These cyber operations support China’s long-term economic and military development objectives.”
Click HERE to read more.
- Trump and Ukraine: what Russia wants, what Trump could do - November 8, 2024
- North Korean troops in Kursk could backfire on Moscow, Pyongyang - November 1, 2024
- Secure enclaves: bad CHIPS Act idea wasting billions - August 12, 2024