Jul 14, 2023, 5:17am EDT

China ups hacks on US government. Preparing for war?

Budrul Chukrut/SOPA Images/LightRocket via Getty Images

The Subject

Microsoft announced this week that a Chinese cyber unit, codenamed Storm-0558, hacked into U.S. government agencies and the private emails of senior U.S. officials this spring. Among them: Commerce Secretary Gina Raimondo, who’s taken a hawkish stance on constricting American tech exports to China that would make her a prime target for Beijing.

These cyber intrusions came as the Biden administration was publicly working to ease tensions with China. And they dovetail with evidence of China’s stepped-up surveillance operations against the U.S., including the deployment of spy balloons in the Western hemisphere and the establishment of new electronic surveillance bases in Cuba. Microsoft said the Chinese exploited weaknesses in the company’s authentication software to access these U.S. government accounts, which weren’t believed to be hosting classified data.

Adam Marrè, chief information security officer at the cybersecurity firm Arctic Wolf, told Semafor on Thursday that these Chinese hacks are part of a growing wave of cyber-attacks on high-level U.S. government targets and critical infrastructure that are positioning Beijing for a possible conflict with Washington and its allies. In May, Microsoft issued a report outlining Chinese efforts to infiltrate malware into the Pentagon’s communications systems in Guam — a key staging base for any American military operations to defend Taiwan.

Marrè, who combated Chinese hackers and spies during a 12-year FBI career, said that Beijing poses a unique cyber challenge due to its size, resources, and ability to own and control vast telecommunications infrastructure globally — such as undersea cables and the 5G telecommunications systems deployed by Huawei and other Chinese firms. Russia, Iran and North Korea also pose significant cyber threats, he said, but without nearly the scale and access to these communications channels.

“We’ve been warning about a surge in Chinese state-sponsored activity for a while now, both because of domestic and geopolitical reasons,” Marrè said. “Now we’re getting more of a focus on spy craft and even some infrastructure infiltration.”

This interview has been edited for length and clarity.

The Interview

Jay Solomon: Can you put into context how China’s hacks on Microsoft fit into the broader context of its cyber operations?

Adam Marrè: So, targeting various folks in the State Department, and the information we’ve seen so far, it does appear that this was a more targeted attack. It wasn’t just: Hey, we found this vulnerability in authentication tokens in Microsoft’s [Outlook systems] so we’re just going to look at everyone’s email.

Jay Solomon: Is this hacking group, called Storm-0558, a formal arm of the Chinese government?

Adam Marrè: I don’t know that the distinction is as important as it might be with other nations – just because of the closeness of the [Chinese Communist Party] to all organizations, be they commercial, independent organizations, or state-sponsored…The information is going to end up in the same place.

Jay Solomon: China has targeted the Pentagon’s critical infrastructure in Guam. Is this a symptom of Beijing’s improved capabilities or of a worsening relationship with the U.S.?

Adam Marrè: I would say it’s a mix of both…We are definitely seeing more of this spy craft, and even some of those preparation-of-the-battlefield-type activities, where they’re attacking some sort of critical infrastructure and lying dormant in it – just in case something breaks out in the real world.

Jay Solomon: The U.S. government has voiced its concerns about China controlling telecommunications infrastructure globally. How much does this enhance its ability to spy?

Adam Marrè: It starts with just wanting to get your technology into different places, because if you have the infrastructure, you can control it and you can listen to it and do all of that… There is the option for them to conduct whatever operations they want. And it’s difficult to detect that in all of the hardware that they’re installing.

Jay Solomon: How would you differentiate China’s cyber operations from those of countries like Russia, Iran and North Korea?

Adam Marrè: You do see less of the funded sort of smash-and-grab type ransomware attacks coming out of China. That doesn’t mean you don’t see them. And it doesn’t mean you don’t see other sorts of fraud…But it’s more spy craft, the more sophisticated low-and-slow, quiet-type behavior aimed at gaining information, be that intellectual property or information on the government.

Jay Solomon: How should American companies think about the Chinese cyber threat?

Adam Marrè: It is just a really good reminder that if you’re doing business with the [U.S.] government, or with companies that do bleeding-edge technology, AI, anything that adversaries or any attackers might be interested in, you need to realize that…Companies do not realize that these threats actually face them, because they think, what would they want from me? I don’t do this. But they don’t realize they’re a vector to get into the government’s vector.