U.S. lawmakers and security experts are voicing concern that foreign governments are staging cyberattacks using servers in the U.S., in an apparent effort to avoid detection by America’s principal cyberintelligence organization, the National Security Agency.
When hackers recently targeted servers running Microsoft Corp.’s widely used Exchange software, they employed U.S.-based computers from at least four service providers to mount their attack, according to an analysis by the threat intelligence company DomainTools LLC.
The attack that Microsoft disclosed last week affected at least tens of thousands of customers and has been linked by the software giant and other security researchers to China-based hackers. The Chinese Embassy in Washington on Tuesday didn’t directly address the charge that China was behind the Microsoft hack and referred to earlier comments from Beijing in which the government said it “opposes and combats cyberattacks and cyber thefts in all forms.”
It is the second major suspected nation-state hack unearthed in the past few months to have employed U.S. servers as a launchpad. Suspected Russian hackers used U.S.-based cloud services to support key stages of their attack that leveraged a hack at SolarWinds Corp., the Austin, Texas, network software provider through which they penetrated U.S. government and corporate networks. In both cases, the hacks were disclosed by private-sector researchers, not the U.S. government.
The NSA, with its tens of thousands of employees, is one of the main U.S. government organizations responsible for protecting the U.S. in cyberspace. It has vast surveillance powers, though it is generally prohibited from using them to collect intelligence on domestic targets, including computer servers inside the U.S. maintained by American companies.