U.S. Takes Steps Against Russian and Chinese Cyberattacks

Blaming Russia for attacks that interfered in the 2020 U.S. presidential election, President Biden imposed new sanctions on 32 entities and individuals in that country. Although sanctions will make it more difficult to partake in the global economy, the White House did not immediately limit Russia’s ability to borrow money on the global market. Biden noted he “chose to be proportionate” and “is not looking to kick off a cycle of escalation and conflict with Russia.” The FBI has also recently taken strong steps to stop Chinese hacking.

The New York Times reports that, “10 Russian diplomats, most of them identified as intelligence operatives, were expelled from the Russian Embassy in Washington” and U.S. banks are now banned “from purchasing newly issued Russian government debt,” the latter considered to be “the most significant economic sanction.”

The U.S. and European partners also imposed sanctions “on eight people and entities associated with Russia’s occupation of Crimea.” Past sanctions — which failed to deter Russia — were spurred by “Russia’s annexation of Crimea, its effort to influence the 2016 election and its poisoning of a former Russian spy in Britain in 2018.” Russia has promised retaliation against new U.S. sanctions, which its Foreign Ministry spokesperson Maria Zakharova said were “inevitable.”

These sanctions mark the first time the U.S. has blamed Russia’s SVR intelligence agency, directly under President Vladimir Putin’s control, for the SolarWinds hack, “which penetrated American government agencies and corporations.” SVR was also behind the “first of two major hackings into the Democratic National Committee six years ago.”

NYT notes that the ban on financial institutions dealing with Russian debt, which will go into effect June 14, “does not stop American institutions from dealing in previously issued Russian bonds … [or] apply to foreign banks or investment firms.” Russia’s total debt “issued in rubles rose to 14 trillion, or more than $180 billion, by the end of the year.”

Deputy national security advisor for cyber and emerging technologies Anne Neuberger has stated that, “the same access Russia gained by getting into the periodic updates of the SolarWinds code could give it a pathway for far more destructive action inside the 16,000 companies and government agencies that downloaded the infected software.”

Wired reports that, on March 2, “Microsoft warned the world that a Chinese state-sponsored hacking group called Hafnium had infected what would turn out to be tens of thousands of Microsoft Exchange servers in a weeks-long hacking blitz.” Although Microsoft issued a patch, not everyone updated their systems, leaving “hundreds of servers” still exposed.

Court documents now reveal that, “the FBI obtained a warrant to copy and delete so-called web shells — essentially a foothold into a system that hackers can use to send remote commands or malware — from hundreds of Hafnium victims.”

As part of its attack, “Hafnium used its access in that initial sweep to plant web shells, which would allow it to come back later to cause real damage” to what were mostly small-to-medium-sized businesses. Patching a server does not remove a web shell that has already been planted on it, which is why the FBI obtained a legal warrant to uninstall them. The removal turned out to be a fairly easy task.
