Threats

Today's D Brief: China’s MSFT hack; Bagram ‘ghost town’; China’s space program; Gamer leaks secret tank details; And a bit more.

Ben Watson

|
Senior Multimedia Editor, Defense One

The United States and its allies say China was behind a disruptive and wide-ranging hack of Microsoft’s email system discovered back in March. The affected Microsoft Exchange Server had been in use across more than 30,000 organizations inside the U.S. alone, including defense contractors, cities, and local governments. The attack gave hackers access to email accounts and let them install malware, Microsoft said when it first learned of the breach—which even then it attributed with “high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China.” Cybersecurity reporter Brian Krebs reported at the time that the hackers “seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.”

But this new confrontation with China is about more than just the Microsoft hack. U.S. officials said they’re targeting a “pattern of malicious cyber activities” they view as “irresponsible,” “destabilizing,” and “a major threat to the U.S. and allies’ economic and national security.” Those activities allegedly include “cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain,” officials told reporters Sunday. 

There are at least two new and notable elements to Monday’s cyber messaging from the White House: 

  1. The U.S. is now openly accusing China of using “criminal contract hackers” for at least some of its cyber activity, including the Microsoft hack. “We sometimes see individuals moonlighting,” a U.S. official said Sunday. “And we see some connections between Russian intelligence services and individuals. But the [Chinese Ministry of State Security] use of criminal contract hackers to conduct unsanctioned cyber operations globally is distinct.” 
  2. The U.S. says it’s leading “an unprecedented group of allies and partners” in naming and shaming China over its “Ministry of State Security’s malicious cyber activities,” as the White House announced in a statement Monday. That group includes the EU; “Five Eyes” allies Australia, Canada, New Zealand, the United Kingdom; Japan; and NATO. (Also worth noting: “This is the first time NATO has condemned [People’s Republic of China] cyber activities,” White House officials said Sunday.) 

NATO: “We stand in solidarity with all those who have been affected by recent malicious cyber activities including the Microsoft Exchange Server compromise,” the alliance’s political decision-making body, the North Atlantic Council, said in a statement on Monday. “We call on all States, including China, to uphold their international commitments and obligations and to act responsibly in the international system, including in cyberspace.”

By the way: The EU wasn’t as confrontational as the U.S. in terms of blaming China’s leaders. However, the bloc did say in its statement that it “assess[es] these malicious cyber activities to have been undertaken from the territory of China … in contradiction with the norms of responsible state behaviour as endorsed by all UN member states. We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation.”

But the united front from the U.S. and its allies is also notable for what’s not included, at least not yet anyway: “The announcement will lack concrete punitive steps against the Chinese government such as sanctions similar to ones that the White House imposed on Russia in April,” the New York Times reported Sunday.  

Big-picture take: The U.S. has created an “impressive coalition to denounce China,”said Dmitri Alperovitch, head of the Silverado policy think tank. But “the next step has to have penalties,” he added. 

Speaking of sanctions: The White House is considering new sanctions on Iran’s oil industry over sales of crude oil to China. “The new steps would take place if nuclear talks fail,” the Wall Street Journal reports. 

From Defense One

Biden Goes After China’s Cyber Attackers // Patrick Tucker: U.S. and allies blame China’s government, announce new measures to fight a massive cyber criminal ring akin to Russia’s, but threaten no sanctions yet.

Republicans Try New Bill to Repay National Guard for Post-Riot Protection, Minus a Rapid Response Force // Tara Copp: No House GOPers voted for a May bill that would have reimbursed the Guard more than a half billion dollars.

China’s Space Program Is More Military Than You Might Think  // Peter W. Singer and Taylor A. Lee: Proposals for U.S.-Chinese cooperation must proceed carefully.

What the Afghanistan Withdrawal Means for Georgia’s NATO Dreams // Luke Coffey and Robert E. Hamilton: The Caucasian nation is losing one of its best ways to demonstrate that it belongs in the Western alliance.

Defense Business Brief // Marcus Weisgerber: Defense Business Brief: Getting new tech to troops faster; F-35 mission capable rates rise; Huge bonuses for vaxxed employees; and more.

How the Intelligence Community Can Get Better at Open Source Intel // Bob Ashley and Neil Wiley: Several factors make it harder to use publicly available information in all-source assessment than classified information.

Welcome to this Monday edition of The D Brief from Ben Watson with Jennifer Hlad. If you’re not already subscribed to The D Brief, you can do that here

Afghanistan’s Bagram air base is now a “ghost town,” Stars and Stripes reports Monday after a recent visit there. “Many of the cavernous, empty structures the U.S. vacated were left open, but one in particular remained locked during a recent visit: a squat wooden lodge near the base’s airport terminal, once known as the USO Pat Tillman center. It’s where Rebecca Medeiros, former USO country director in Afghanistan, spent the last year cataloguing mementos.” Read on here.

The White House just transferred his first detainee out of Guantánamo Bay, the New York Times reports.
Moving on: Abdul Latif Nasser, a 56-year-old man from Morocco. He was allegedly a former Taliban fighter; but he was never charged with a crime, the Times reports. “With Mr. Nasser’s departure, there are now 39 prisoners at Guantánamo, 11 of whom have been charged with war crimes.”

And lastly today: A videogamer allegedly leaked classified tank specs to win an argument, Defence Journal reported last week. The user, who identified himself as a commander of the Challenger tanks used by the British Army, complained that the tank was inaccurately depicted in the online multiplayer game War Thunder—and posted excerpts of a classified maintenance manual to prove it.
Officials with the game’s companyfounded in Moscow, based in Cyprus—said UK officials had informed them that the documents were indeed sensitive. The Guardian has more, here.

NEXT STORY: Today's D Brief: Flurry of Afghan diplomacy; Journalist killed in Kandahar; Gen. Miller, profiled; Milley’s new weapons warning; And a bit more.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.