The US National Nuclear Security Administration (NNSA), which is responsible for designing and maintaining the USA’s stockpile of nuclear weapons, has been breached by the China-based threat group Storm-2603. Other organizations, including the US Education Department, Florida’s Department of Revenue, and the Rhode Island General Assembly, were also breached in the same campaign.
Microsoft’s advisory update describes its findings as: “Expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware.”
The attackers exploited a spoofing vulnerability in on-premises Microsoft SharePoint servers. “Spoofing” here does not mean fraudsters impersonating a person to win a victim’s trust: the flaw lets an unauthenticated attacker send requests that the server treats as legitimate, which in this campaign was used to run attacker code on the server and ultimately deploy the ransomware. The vulnerabilities affect only on-premises SharePoint Server; SharePoint Online in Microsoft 365 is not affected.
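Because the flaw is on the server side, the first triage question for an on-premises SharePoint administrator is whether anyone has already sent the forged requests. The following is an added example, not code from the article or from Microsoft: it parses IIS W3C logs and flags the request pattern Microsoft published as an indicator for this campaign (a POST to ToolPane.aspx whose Referer is SignOut.aspx, and any request for the spinstall0.aspx web shell). The log lines are constructed for the example, and the field layout assumes the default IIS W3C fields.

```python
"""Hunt IIS W3C logs for the SharePoint ToolPane/SignOut request pattern.

Added example for triage of on-premises SharePoint servers. The indicators
(POST to ToolPane.aspx with a Referer of SignOut.aspx; requests for
spinstall0.aspx) are the ones Microsoft published for this campaign; the
log content below is constructed, not real traffic.
"""

# Constructed sample log in IIS W3C extended format (IIS writes spaces as '+',
# so splitting on a single space is safe). The second and third entries mimic
# the attack; the fourth is a legitimate site editor using the same endpoint.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
2025-07-19 10:15:20 10.0.0.5 GET /sites/finance/default.aspx - 443 CORP\\alice 10.0.0.42 Mozilla/5.0 https://sp.example.local/ 200
2025-07-19 10:15:22 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 203.0.113.7 Mozilla/5.0 https://sp.example.local/_layouts/SignOut.aspx 200
2025-07-19 10:15:23 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.7 Mozilla/5.0 - 200
2025-07-19 10:16:01 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CORP\\bob 10.0.0.43 Mozilla/5.0 https://sp.example.local/sites/finance/_layouts/15/settings.aspx 200
"""


def parse_iis_w3c(text):
    """Return one dict per request, keyed by the names in the #Fields header."""
    fields = []
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # header names follow the directive
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # malformed or truncated line: skip rather than guess
        rows.append(dict(zip(fields, parts)))
    return rows


def is_toolpane_signout(row):
    """Unauthenticated POST to ToolPane.aspx with SignOut.aspx as Referer."""
    return (
        row.get("cs-method", "").upper() == "POST"
        and row.get("cs-uri-stem", "").lower().endswith("/_layouts/15/toolpane.aspx")
        and row.get("cs(Referer)", "").lower().endswith("/_layouts/signout.aspx")
    )


def is_webshell_request(row):
    """Any request for the spinstall0.aspx web shell path."""
    return row.get("cs-uri-stem", "").lower().endswith("/_layouts/15/spinstall0.aspx")


def hunt(text):
    """Scan a log and return the suspicious requests with the reasons matched."""
    hits = []
    for row in parse_iis_w3c(text):
        reasons = []
        if is_toolpane_signout(row):
            reasons.append("toolpane-signout")
        if is_webshell_request(row):
            reasons.append("spinstall0-webshell")
        if reasons:
            hits.append({
                "time": f"{row['date']} {row['time']}",
                "client": row["c-ip"],
                "uri": row["cs-uri-stem"],
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

The Referer check matters: site editors legitimately POST to ToolPane.aspx while editing pages (the fourth sample line), so matching on the endpoint alone produces noise. A hit on the web shell path is the stronger signal and should be treated as confirmed compromise rather than an attempt.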
Bloomberg reports that no sensitive or classified information is yet known to have been compromised in the attack on the National Nuclear Security Administration. What makes the breaches a nightmare for US security agencies is the ease with which China-based attackers got into an organization as well protected and well funded as the NNSA, potentially compromising the US lead in nuclear weapons technology.
Attacks were politically motivated
There can be little doubt that the attacks were politically motivated. Targets such as the US National Nuclear Security Administration, Florida’s Department of Revenue, and the Rhode Island General Assembly all point to intelligence gathering on behalf of the Chinese authorities. The NNSA is the most serious case, but stolen intelligence concerning politicians and prominent citizens is also of great value to China: information about the personal lives of key individuals can be used to coerce and blackmail them into acting as unwilling agents for the Chinese Communist Party.
By making ransomware demands, the attackers also create something of a smokescreen. Ransomware payments may go some way toward funding China’s intelligence gathering, but they also give the Chinese Communist Party plausible deniability: it can argue that international cybercriminal groups, not the state, are responsible for attacks of which it was unaware.