Preparing for Retaliation Against Russia, US Confronts Hacking by China

The proliferation of cyberattacks by rivals is presenting a challenge to the Biden administration as it seeks to deter intrusions on government and corporate systems. From a report: Just as it plans to begin retaliating against Russia for the large-scale hacking of American government agencies and corporations discovered late last year, the Biden administration faces a new cyberattack that raises the question of whether it will have to strike back at another major adversary: China. Taken together, the responses will start to define how President Biden fashions his new administration’s response to escalating cyberconflict and whether he can find a way to impose a steeper penalty on rivals who regularly exploit vulnerabilities in government and corporate defenses to spy, steal information and potentially damage critical components of the nation’s infrastructure. The first major move is expected over the next three weeks, officials said, with a series of clandestine actions across Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world.

The officials said the actions would be combined with some kind of economic sanctions — though there are few truly effective sanctions left to impose — and an executive order from Mr. Biden to accelerate the hardening of federal government networks after the Russian hacking, which went undetected for months until it was discovered by a private cybersecurity firm. The issue has taken on added urgency at the White House, the Pentagon and the intelligence agencies in recent days after the public exposure of a major breach in Microsoft email systems used by small businesses, local governments and, by some accounts, key military contractors. Microsoft identified the intruders as a state-sponsored Chinese group and moved quickly to issue a patch to allow users of its software to close off the vulnerability. But that touched off a race between those responsible for patching the systems and a raft of new attackers — including multiple other Chinese hacking groups, according to Microsoft — who started using the same exploit this week.