China and Russia's Spying Sprees Will Take Years to Unpack

China and Russia's Spying Sprees Will Take Years to Unpack

First it was Solarwinds, a reportedly Russian hacking campaign that stretches back almost a year, and has felled at least nine US government agencies and countless private companies. Now it’s Hafnium, a Chinese group that’s been attacking a vulnerability in Microsoft Exchange Server to sneak into victims’ email inboxes and beyond. The collective toll of these espionage sprees is still being uncovered. It may never be fully known.


Countries spy on each other, everywhere, all the time. They always have. But the extent and sophistication of Russia and China’s latest efforts still manage to shock. And the near-term fallout of both underscores just how tricky it can be to take the full measure of a campaign even after you’ve sniffed it out.


By now you’re probably familiar with the basics of the Solarwinds attack: likely Russian hackers broke into the IT management firm’s networks and altered versions of its Orion network monitoring tool, exposing as many as 18,000 organizations. The actual number of Solarwinds victims is assumed to be much smaller, although security analysts have pegged it in at least the low hundreds so far. And as Solarwinds CEO Sudhakar Ramakrishna has eagerly pointed out to anyone who will listen, his was not the only software supply chain company that the Russians hacked in this campaign, implying a much broader ecosystem of victims than anyone has yet accounted for.

“It’s become clear that there’s much ..

Support the originator by clicking the read the rest link below.