In the capital of the United States, there are increasing indications that the American government will shortly respond to the SolarWinds cyberattack with a counterstrike. The Russian government is blamed for the hacking attack on at least nine American government agencies and around 100 large companies. The nature of the retaliation is not yet clear, but politicians and senior government officials are signaling that patience with Russia is running out. President Joe Biden himself announced that the attack would “not go unanswered”. Earlier, the influential Democratic Senator Dick Durbin had spoken of an “act of war”. More specifically, Biden’s chief security advisor, Jake Sullivan, said: “I believe that measures that are understood by the Russians, but which remain invisible to a wider public, are probably the most effective in making clear what we are ready and able to do.” The words point to a cyber attack.
In the midst of preparations for a possible counterstrike against Russia, however, the news broke at the beginning of March that Microsoft Exchange had been the target of a cyber attack whose potential damage is possibly greater than that of the Russian attack. The company itself announced that a hacker crew had gained access to numerous e-mail accounts via Microsoft Exchange servers, where they were able to install small malicious programs on the victims’ computers that would give them permanent access. For Microsoft, the perpetrator is clearly identifiable: a group supported by the Chinese government called Hafnium. Other security companies confirm Microsoft’s analysis. The American government is still hesitant to announce that it shares this assessment.
Two countries are testing the patience of the new president. Both attacks were designed specifically to skim off information. But they differ in execution and ruthlessness, says Dmitri Alperovitch, co-founder of the cybersecurity company Crowdstrike, which American companies and government agencies call in after almost every major hacker attack to close the loopholes. According to his analysis, the Chinese attack is much more serious than the Russian one.
Most of the entrances have been closed
The Russian hacker group wanted to gain access to secret government data. To do this, it penetrated the systems of the IT service provider SolarWinds, which supplies companies and government agencies with software that they use to monitor their own networks. Other service providers were also apparently infiltrated. The Russian hackers placed a Trojan in the SolarWinds software. As soon as the companies and agencies updated the software, they brought the Trojan into their own systems. This malicious program opened the entrance for the hackers. Around 18,000 SolarWinds customers downloaded the latest version, and with it the Trojan, into their systems, including numerous Fortune 500 companies and government agencies.