“This fits the pattern of Chinese state-sponsored hacking groups using the supply chain to go after the US government,” said David Shipley, CEO and founder of Beauceron Security, in an email. “This follows a highly successful attack against Microsoft’s production cloud solution, and previous Russian-linked attacks on the US government using Microsoft 365 and, before that, SolarWinds.”
Treasury’s letter revealed that the affected service has been taken offline, and that the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Intelligence Community, and third-party investigators are working to “fully uncover the incident and determine its full impact.”
“What’s interesting is what they might have been looking for,” Shipley noted. “What is this, just plain old espionage? Or were they trying to lay the groundwork to maintain the persistence and disruption of the US government? I wouldn’t mind so much if it’s just vanilla testing.”