“This fits a pattern of Chinese state-sponsored hacking teams using the supply chain to go after the US government,” said David Shipley, CEO and cofounder of Beauceron Security, in an email. “This follows highly successful attacks against Microsoft’s productivity cloud solution, and previous Russia-linked attacks on the US government using Microsoft 365 and before that, SolarWinds.”
Treasury’s letter noted that the affected service had been taken offline, and that the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the intelligence community, and third-party forensic investigators are working to “fully characterize the incident and determine its overall impact.”
“What’s intriguing is what they might’ve been after,” Shipley observed. “What is this, just plain old spying? Or were they trying to lay the groundwork to maintain persistence and disrupt US government operations? I’d be less worried if it’s just plain vanilla spying.”