Nearly a decade ago, the United States began naming and shaming China for an onslaught of online espionage, the bulk of it conducted using low-level phishing emails against American companies for intellectual property theft.
On Monday, the United States again accused China of cyberattacks. But these attacks were highly aggressive, and they reveal that China has transformed into a far more sophisticated and mature digital adversary than the one that flummoxed U.S. officials a decade ago.
The Biden administration’s indictment for the cyberattacks, along with interviews with dozens of current and former American officials, shows that China has reorganized its hacking operations in the intervening years. While it once conducted relatively unsophisticated hacks of foreign companies, think tanks and government agencies, China is now perpetrating stealthy, decentralized digital assaults of American companies and interests around the world.
Hacks that were conducted via sloppily worded spearphishing emails by units of the People’s Liberation Army are now carried out by an elite satellite network of contractors at front companies and universities that work at the direction of China’s Ministry of State Security, according to U.S. officials and the indictment.
like Microsoft’s Exchange email service and Pulse VPN security devices, which are harder to defend against and allow China’s hackers to operate undetected for longer periods.
“What we’ve seen over the past two or three years is an upleveling” by China, said George Kurtz, the chief executive of the cybersecurity firm CrowdStrike. “They operate more like a professional intelligence service than the smash-and-grab operators we saw in the past.”
China has long been one of the biggest digital threats to the United States. In a 2009 classified National Intelligence Estimate, a document that represents the consensus of all 16 U.S. intelligence agencies, China and Russia topped the list of America’s online adversaries. But China was deemed the more immediate threat because of the volume of its industrial trade theft.
But that threat is even more troubling now because of China’s revamping of its hacking operations. Furthermore, the Biden administration has turned cyberattacks — including ransomware attacks — into a major diplomatic front with superpowers like Russia, and U.S. relations with China have steadily deteriorated over issues including trade and tech supremacy.
China’s prominence in hacking first came to the fore in 2010 with attacks on Google and RSA, the security company, and again in 2013 with a hack of The New York Times.
breach of the U.S. Office of Personnel Management. In that attack, Chinese hackers made off with sensitive personal information, including more than 20 million fingerprints, for Americans who had been granted a security clearance.
White House officials soon struck a deal that China would cease its hacking of American companies and interests for its industrial benefit. For 18 months during the Obama administration, security researchers and intelligence officials observed a notable drop in Chinese hacking.
After President Donald J. Trump took office and accelerated trade conflicts and other tensions with China, the hacking resumed. By 2018, U.S. intelligence officials had noted a shift: People’s Liberation Army hackers had stood down and been replaced by operatives working at the behest of the Ministry of State Security, which handles China’s intelligence, security and secret police.
Hacks of intellectual property that benefited China’s economic plans originated not from the P.L.A. but from a looser network of front companies and contractors, including engineers who worked for some of the country’s leading technology companies, according to intelligence officials and researchers.
It was unclear how exactly China worked with these loosely affiliated hackers. Some cybersecurity experts speculated that the engineers were paid cash to moonlight for the state, while others said those in the network had no choice but to do whatever the state asked. In 2013, a classified U.S. National Security Agency memo said, “The exact affiliation with Chinese government entities is not known, but their activities indicate a probable intelligence requirement feed from China’s Ministry of State Security.”
announced a new policy requiring Chinese security researchers to notify the state within two days when they found security holes, such as the “zero-days” that the country relied on in the breach of Microsoft Exchange systems.
arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.
“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”
WASHINGTON — When Communist Chinese forces began shelling islands controlled by Taiwan in 1958, the United States rushed to back up its ally with military force — including drawing up plans to carry out nuclear strikes on mainland China, according to an apparently still-classified document that sheds new light on how dangerous that crisis was.
American military leaders pushed for a first-use nuclear strike on China, accepting the risk that the Soviet Union would retaliate in kind on behalf of its ally and millions of people would die, dozens of pages from a classified 1966 study of the confrontation show. The government censored those pages when it declassified the study for public release.
The document was disclosed by Daniel Ellsberg, who leaked a classified history of the Vietnam War, known as the Pentagon Papers, 50 years ago. Mr. Ellsberg said he had copied the top secret study about the Taiwan Strait crisis at the same time but did not disclose it then. He is now highlighting it amid new tensions between the United States and China over Taiwan.
has been known in broader strokes that United States officials considered using atomic weapons against mainland China if the crisis escalated, the pages reveal in new detail how aggressive military leaders were in pushing for authority to do so if Communist forces, which had started shelling the so-called offshore islands, intensified their attacks.
leaving them in the control of Chiang Kai-shek’s nationalist Republic of China forces based on Taiwan. More than six decades later, strategic ambiguity about Taiwan’s status — and about American willingness to use nuclear weapons to defend it — persists.
The previously censored information is significant both historically and now, said Odd Arne Westad, a Yale University historian who specializes in the Cold War and China and who reviewed the pages for The New York Times.
“This confirms, to me at least, that we came closer to the United States using nuclear weapons” during the 1958 crisis “than what I thought before,” he said. “In terms of how the decision-making actually took place, this is a much more illustrative level than what we have seen.”
Drawing parallels to today’s tensions — when China’s own conventional military might has grown far beyond its 1958 ability, and when it has its own nuclear weapons — Mr. Westad said the documents provided fodder to warn of the dangers of an escalating confrontation over Taiwan.
Gen. Laurence S. Kutner, the top Air Force commander for the Pacific. He wanted authorization for a first-use nuclear attack on mainland China at the start of any armed conflict. To that end, he praised a plan that would start by dropping atomic bombs on Chinese airfields but not other targets, arguing that its relative restraint would make it harder for skeptics of nuclear warfare in the American government to block the plan.
“There would be merit in a proposal from the military to limit the war geographically” to the air bases, “if that proposal would forestall some misguided humanitarian’s intention to limit a war to obsolete iron bombs and hot lead,” General Kutner said at one meeting.
like Neil Sheehan of The Times.
in 2017, when he published a book, “Doomsday Machine: Confessions of a Nuclear War Planner.” One of its footnotes mentions in passing that passages and pages omitted from the study are available on his website.
But he did not quote the study’s material in his book, he said, because lawyers for his publisher worried about potential legal liability. He also did little else to draw attention to the fact that its redacted pages are visible in the version he posted. As a result, few noticed it.
One of the few who did was William Burr, a senior analyst at George Washington University’s National Security Archive, who mentioned it in a footnote in a March blog post about threats to use nuclear weapons in the Cold War.
Mr. Burr said he had tried more than a decade ago to use the Freedom of Information Act to obtain a new declassification review of the study — which was written by Morton H. Halperin for the RAND Corporation — but the Pentagon was unable to locate an unabridged copy in its files. (RAND, a nongovernmental think tank, is not itself subject to information act requests.)
Mr. Ellsberg said tensions over Taiwan did not seem as urgent in 2017. But the uptick in saber-rattling — he pointed to a recent cover of The Economist magazine that labeled Taiwan “the most dangerous place on Earth” and a recent opinion column by The Times’s Thomas L. Friedman titled, “Is There a War Coming Between China and the U.S.?” — prompted him to conclude it was important to get the information into greater public view.
Michael Szonyi, a Harvard University historian and author of a book about one of the offshore islands at the heart of the crisis, “Cold War Island: Quemoy on the Front Line,” called the material’s availability “hugely interesting.”
Any new confrontation over Taiwan could escalate and officials today would be “asking themselves the same questions that these folks were asking in 1958,” he said, linking the risks created by “dramatic” miscalculations and misunderstandings during serious planning for the use of nuclear weapons in 1958 and today’s tensions.
Mr. Ellsberg said he also had another reason for highlighting his exposure of that material. Now 90, he said he wanted to take on the risk of becoming a defendant in a test case challenging the Justice Department’s growing practice of using the Espionage Act to prosecute officials who leak information.
Enacted during World War I, the Espionage Act makes it a crime to retain or disclose, without authorization, defense-related information that could harm the United States or aid a foreign adversary. Its wording covers everyone — not only spies — and it does not allow defendants to urge juries to acquit on the basis that disclosures were in the public interest.
Using the Espionage Act to prosecute leakers was once rare. In 1973, Mr. Ellsberg himself was charged under it, before a judge threw out the charges because of government misconduct. The first successful such conviction was in 1985. But it has now become routine for the Justice Department to bring such charges.
Most of the time, defendants strike plea deals to avoid long sentences, so there is no appeal. The Supreme Court has not confronted questions about whether the law’s wording or application trammels First Amendment rights.
Saying the Justice Department should charge him for his open admission that he disclosed the classified study about the Taiwan crisis without authorization, Mr. Ellsberg said he would handle his defense in a way that would tee the First Amendment issues up for the Supreme Court.
“I will, if indicted, be asserting my belief that what I am doing — like what I’ve done in the past — is not criminal,” he said, arguing that using the Espionage Act “to criminalize classified truth-telling in the public interest” is unconstitutional.
WASHINGTON — As the East Coast suffered from the effects of a ransomware attack on a major petroleum pipeline, President Biden signed an executive order on Wednesday that placed strict new standards on the cybersecurity of any software sold to the federal government.
The move is part of a broad effort to strengthen the United States’ defenses by encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts. But the bigger effect may arise from what could, over time, become akin to a government rating of the security of software products, much the way automobiles get a safety rating or restaurants in New York get a health safety grade.
The order comes amid a wave of new cyberattacks, more sophisticated and far-reaching than ever before. Over the past year, roughly 2,400 ransomware attacks have hit corporate, local and federal offices in extortion plots that lock up victims’ data — or publish it — unless they pay a ransom.
The most urgent fear is an attack on critical infrastructure, a point made clear this week to Americans, who were panic-buying gasoline. A ransomware attack on Colonial Pipeline’s information systems forced the company to shut down a critical pipeline that supplies 45 percent of the East Coast’s gasoline, diesel and jet fuel for several days.
SolarWinds hack, in which Russia’s premier intelligence agency altered the computer code of an American company’s network management software. It gave Russia broad access to 18,000 agencies, organizations and companies, mostly in the United States.
The new order also requires all federal agencies to encrypt data, whether it is in storage or while it is being transmitted — two very different challenges. When China stole 21.5 million files about federal employees and contractors holding security clearances, none of the files were encrypted, meaning they could be easily read. (Chinese hackers, investigators later concluded, encrypted the files themselves — to avoid being detected as they sent the sensitive records back to Beijing.)
Previous efforts to mandate minimum standards on software have failed to get through Congress, notably in a major showdown nine years ago. Small businesses have said the changes are not affordable, and larger ones have opposed an intrusive role of the federal government inside their systems.
But Mr. Biden decided it was more important to move quickly than to try to fight for broader mandates on Capitol Hill. His aides said it was a first step, and industry officials said it was bolder than they expected.
Amit Yoran, the chief executive of Tenable and a former cybersecurity official in the Department of Homeland Security, said the question on everyone’s mind was whether Mr. Biden’s order would stop the next Colonial or SolarWinds attacks.
“No one policy, government initiative or technology can do that,” Mr. Yoran said. “But this is a great start.”
Government officials have complained that Colonial had poor defenses, and while it established a hard shell around its computer networks, it had no way of monitoring an adversary who got inside. The Biden administration hopes the standards set out in the executive order, requiring multifactor authentication and other safeguards, will become widespread and improve security globally.
Senator Mark Warner, Democrat of Virginia and the chairman of the Senate Intelligence Committee, praised the order but said it would need to be followed by congressional action.
Mr. Warner said recent attacks “have highlighted what has become increasingly obvious in recent years: that the United States is simply not prepared to fend off state-sponsored or even criminal hackers intent on compromising our systems for profit or espionage.”
The new order is the first major public part of a multilayered review of defensive, offensive and legal strategies to take on adversaries around the world. This executive order, however, focuses entirely on deepening defenses, in hopes of deterring attackers because they fear they would fail — or run a higher risk of being detected.
The Justice Department is ramping up a new task force to take on ransomware, after the discovery in recent months that such attacks are more than just extortion; they can bring down sectors of the economy.
Mr. Biden announced sanctions against Russia for the SolarWinds hack, and his national security adviser, Jake Sullivan, has said there will also be “unseen” consequences. So far, the United States has not taken similar action against China’s government for its presumed involvement in another attack, exploiting holes in a Microsoft system used by large companies around the world.
The executive order was first drafted in February in response to the SolarWinds intrusion. That attack was especially sophisticated because hackers working for the Russian government managed to change code under development by the company, which unsuspectingly distributed the malware in an update to its software packages. It was discovered during Mr. Biden’s transition and led him to declare he could not trust the integrity of federal computer systems.
The review board created under the executive order will be co-led by the secretary of homeland security and a private-sector official, based on the specific episode it is investigating at the time, in an effort to win over industry executives who fear the investigations could be fodder for lawsuits.
Because it was created by an executive order, not an act of Congress, the new board will not have the same broad powers as a safety board. But officials are still hopeful it will be valuable in learning of vulnerabilities, improving security practices and urging companies to invest more in improving their networks.
Much of the executive order is focused on information sharing and transparency. It aims to shorten the time it takes companies that have been victimized by a hack, or that discover vulnerabilities, to share that information with the Cybersecurity and Infrastructure Security Agency.
With the U.S. economy growing rapidly, millions of people have returned to work. Yet there is still one large group of Americans whose employment rates remain far below their prepandemic levels — mothers of young children.
Consider this data, which Moody’s Analytics compiled for The Morning:
have not returned to normal operations. They are open for only a few hours a day, a few days a week or on alternating weeks, making it difficult for parents to return to a full-time job. And parenting responsibilities still fall disproportionately on women.
This situation is unlikely to change over the final month or two of the current school year. But it raises a major question about the start of the next school year, in August and September: Will schools fully reopen — every day, Monday through Friday, and every week?
Claire Cain Miller, who writes about gender and work, told me. “Obviously, parents can’t get back to work without that.”
“It’s not enough to sort of open,” said Emily Oster, an economist at Brown University who studies parenting. “We are going to need to figure out how to make it possible to open normally.”
Is it safe to open?
Fortunately, the available evidence indicates that schools can safely return to normal hours in the fall. Nearly all teachers have already had the chance to be vaccinated. By August, all children who are at least 12 are also likely to have had the opportunity. (The Pfizer vaccine is now available to people 16 and up, and federal regulators appear set to approve it for 12- to 15-year-olds in coming weeks.)
Few younger children — maybe none — will have been vaccinated by the fall. But data from both the U.S. and other countries suggests that children rarely infect each other at school. One reason is that Covid-19 tends to be mild for younger children, making them less likely to be symptomatic and contagious.
small health risk to children that society has long accepted without closing schools. A child who’s driven to school almost certainly faces a bigger risk from that car trip than from the virus.
Of course, the risk from Covid is not zero, which is why many school districts are still grappling with what to do in the fall. Covid has so thoroughly dominated our thinking over the past 14 months that many people continue to focus on Covid-related issues — even highly unusual or uncommon ones — to the exclusion of everything else.
Covid does present a minuscule risk to children. And there will also be some teachers and other school employees who choose not to be vaccinated or who cannot receive a vaccine shot for health reasons; some of them may need to remain home if schools reopen.
For these reasons, a full reopening of schools will bring real, if small, costs and complications. Communities will have to weigh those costs against the enormous damage that closed schools are doing to American women.
Hybrid schooling is also harming children, and schools should not continue it in the fall, David Zweig argues in New York Magazine.
Blue states have been the slowest to reopen their schools, and parental frustration presents a political risk for the Democratic Party, The Times’s Ross Douthat writes.
“Even in typical times, labor force participation of parents, particularly mothers, is lower here than in much of the rest of the developed world,” Mark Zandi, the chief economist at Moody’s Analytics, told me. He noted that President Biden’s economic plan tries to address this.
In a recent Times article, Claire Cain Miller described ideas to help working parents during the pandemic.
writes in The Times. He calls it “an elegant promotional solution: If people decide they want to listen to your song, simply give them more of it.” Lil Nas X similarly kept his breakout song, “Old Town Road,” at the top of the Billboard Hot 100 for a record-breaking 19 weeks in 2019, partly through remixes, which has helped him sustain stardom despite not having yet released a full-length album.
Often, these remixes can be substantial, adding a new layer to the song. But sometimes they’re a slightly altered version that is more obviously a ploy to game streams. “For younger artists, especially those who catch fire on TikTok, lengthening the life of a song,” Caramanica writes, “is crucial to setting a foundation for a chance at something beyond a one-viral-smash career.” — Sanam Yar, Morning writer
Thanks for spending part of your morning with The Times. See you tomorrow. — David
P.S. Television stations aired the Kentucky Derby live for the first time 69 years ago today. New Yorkers “flocked into neighborhood bars for their teleview,” The Times reported.
SOFIA, Bulgaria — The prosecutor general’s office in Bulgaria announced Wednesday that it was investigating a possible connection between a series of explosions at ammunition depots around the country and an elite group of Russian military intelligence operatives known as Unit 29155.
The four explosions were part of a series of blasts that occurred over the past 10 years, said Siika Mileva, a spokeswoman for the prosecutor general. At least two happened at a time when members of the unit were frequently traveling in and out of Bulgaria, she said, and among the damaged goods was military matériel belonging to Emilian Gebrev, a major Bulgarian arms manufacturer who, officials say, was poisoned in 2015, along with his son and a senior executive at his company, by members of the same Russian unit.
The announcement comes just over a week after authorities in the Czech Republic blamed two similar explosions at ammunition depots in that country in 2014 on operatives from Unit 29155, which specializes in sabotage and assassination. Those depots also contained ammunition owned by Mr. Gebrev’s company, Emco.
“A reasonable assumption can be made about a link between the explosions on Bulgarian territory, the attempts to poison three Bulgarian citizens and serious crimes committed on the territory of foreign countries,” Ms. Mileva said.
Sergei V. Skripal in Britain and an attempted coup in Montenegro two years earlier. Last year, The New York Times revealed a C.I.A. assessment that the group may have carried out a covert effort to pay bounties to militants in Afghanistan for attacks on American and coalition troops.
Mr. Gebrev acknowledged selling ammunition and military equipment to “authorized Ukrainian companies” in late 2014. Though Mr. Gebrev insists he provided only a small amount of military equipment, it would have offered a lifeline to Ukraine at a time when few Western countries would provide weaponry.
There has long been suspicion that the explosions in Bulgaria, at least those from 2015, were acts of sabotage. Why prosecutors are choosing to relaunch their investigation now is unclear.
Unlike the Czech authorities, who revealed new details about the explosions there and expelled dozens of Russian diplomats in response, Ms. Mileva provided little new evidence and made no indication that a response was forthcoming.
A fire that broke out at an administrative building in Sofia, the capital, in May 2015 destroyed evidence related to those two blasts, Ms. Mileva said.
Bulgaria’s investigation of the explosions comes at a time of escalating confrontation between Russia and the West. For weeks, Russian troops were massing on the border with Ukraine, though in the last week they have somewhat pulled back. This month the United States announced that it would expel 10 Russian diplomats and impose sanctions as punishment for a huge breach of government computers that the White House blamed on Russia’s foreign intelligence service.
Bulgaria, despite being a European Union member, has long maintained friendly relations with Russia, which is a critical energy supplier. But recently, there has been evidence that Bulgarian officials have grown weary of playing host to Russian intelligence operations.
In January 2020, Bulgarian authorities announced criminal charges against three officers from Unit 29155 for poisoning Mr. Gebrev, his son and the senior Emco executive. The three fell ill in April 2015, less than two weeks after one of the blasts at a Bulgarian ammunition depot. An investigation determined that they were sickened with a substance similar to the Novichok nerve agent that British authorities say was used by officers from Unit 29155 on Mr. Skripal and his daughter in the United Kingdom.
Last month, after Bulgarian officials announced the arrest of six people they said were involved in an espionage ring run by the Russian security services, the country’s prime minister, Boiko Borisov, spoke to reporters, telling the Kremlin to knock it off.
“Stop spying in Bulgaria,” Mr. Borisov said.
Boryana Dzhambazova reported from Sofia, and Michael Schwirtz from New York.
PRAGUE — Russia’s unraveling relations with the West took a dramatic turn for the worse on Thursday when the Czech Republic, furious over what it said were Moscow’s fingerprints on a military-style sabotage attack on a Czech weapons warehouse in 2014, ordered the expulsion of as many as 60 Russian diplomats.
The Czech move, announced a day after President Vladimir V. Putin of Russia warned that the West risked a “fast and tough” response if it interfered with his country, escalated not only a diplomatic crisis between Prague and Moscow but a wider showdown between Russia and NATO, of which the Czech Republic is a member.
With Russian troops massing near the border with Ukraine and President Biden taking a tough stand against the Kremlin, Mr. Putin on Wednesday bluntly warned the West not to test Russia’s resolve in defending its interests, telling it not to cross unspecified “red lines” that he said would be defined by Russia.
The slashing of staff at Moscow’s embassy in Prague does not directly challenge Russian security. But it will severely damage intelligence operations, something that Mr. Putin, a K.G.B. officer in Eastern Europe during the Cold War, views as vitally important.
ordered out 20 Czech diplomats. Russia, which has used its Prague embassy as a center of espionage across the region, according to intelligence experts, previously had far more diplomats in the city than the Czech Republic had in Moscow.
Sergei V. Skripal, in the English town of Salisbury.
Two Russians identified by Britain as the main culprits in the Salisbury attack, both members of a military intelligence sabotage and assassination squad known as Unit 29155, turned out to be the same men Czech investigators had long suspected of involvement in the ammunition warehouse blasts but had not been able to identify.
Both men arrived in the Czech Republic under false names several days before the blasts and traveled to the site of the warehouse in Vrbetice, leaving on the day of the first explosion on Oct. 16, 2014.
Miroslav Mares, an expert on security policy at Masaryk University in the Czech city of Brno, said the Czech Republic wanted to “demonstrate its self-confidence and capability for resilience toward Russian aggressive behavior.” But he added that “the final effect strongly depends on support from Czech allies in the European Union and NATO.”
BEIRUT, Lebanon — In less than nine months, an assassin on a motorbike fatally shot an Al Qaeda commander given refuge in Tehran, Iran’s chief nuclear scientist was machine-gunned on a country road, and two separate, mysterious explosions rocked a key Iranian nuclear facility in the desert, striking the heart of the country’s efforts to enrich uranium.
The steady drumbeat of attacks, which intelligence officials said were carried out by Israel, highlighted the seeming ease with which Israeli intelligence was able to reach deep inside Iran’s borders and repeatedly strike its most heavily guarded targets, often with the help of turncoat Iranians.
The attacks, the latest wave in more than two decades of sabotage and assassinations, have exposed embarrassing security lapses and left Iran’s leaders looking over their shoulders as they pursue negotiations with the Biden administration aimed at restoring the 2015 nuclear agreement.
The recriminations have been caustic.
The head of Parliament’s strategic center said Iran had turned into a “haven for spies.” The former commander of the Islamic Revolutionary Guards Corps called for an overhaul of the country’s security and intelligence apparatus. Lawmakers have demanded the resignation of top security and intelligence officials.
explosion at the Natanz nuclear enrichment plant last month. But it was unclear who he was, whether he had acted alone and if that was even his real name. In any case, he had fled the country before the blast, Iran’s Intelligence Ministry said.
killed Maj. Gen. Qassim Suleimani, the leader of the Quds Force, in January of last year. Israel assassinated Mohsen Fakhrizadeh, Iran’s chief nuclear scientist and a brigadier general in the Revolutionary Guards, in November.
Even if General Hejazi died of natural causes, the cumulative loss of three top generals was a significant blow.
The attacks represent an uptick in a long-running campaign by the intelligence services of Israel and the United States to subvert what they consider to be Iran’s threatening activities.
Chief among them are a nuclear program that Iran insists is peaceful, Iran’s investment in proxy militias across the Arab world, and its development of precision-guided missiles for Hezbollah, the militant movement in Lebanon.
daring nighttime raid to steal a half-ton of secret archives of Iran’s nuclear program from a warehouse in Tehran.
Israel has also reached around the world, tracking down equipment in other countries that is bound for Iran to destroy it, conceal transponders in its packaging or install explosive devices to be detonated after the gear has been installed inside of Iran, according to a former high-ranking American intelligence official.
an explosion in the Natanz nuclear plant in July. The explosives had been sealed inside a heavy desk that had been placed in the plant months earlier, Fereydoon Abbasi-Davani, the former chief of Iran’s Atomic Energy Organization, said.
The explosion ripped through a factory producing a new generation of centrifuges, setting back Iran’s nuclear enrichment program by months, officials said.
more recent explosion at Natanz this month except that it destroyed the plant’s independent power system, which in turn destroyed thousands of centrifuges.
It would have been difficult for Israel to carry out these operations without inside help from Iranians, and that may be what rankles Iran most.
But the infiltrations have also sullied the reputation of the intelligence wing of the Revolutionary Guards, which is responsible for guarding nuclear sites and scientists.
A former Guards commander demanded a “cleansing” of the intelligence service, and Iran’s vice president, Eshaq Jahangiri, said that the unit responsible for security at Natanz should “be held accountable for its failures.”
The deputy head of Parliament, Amir-Hossein Ghazizadeh Hashemi, told the Iranian news media on Monday that it was no longer enough to blame Israel and the United States for such attacks; Iran needed to clean its own house.
As a publication affiliated with the Guards, Mashregh News, put it last week: “Why does the security of the nuclear facility act so irresponsibly that it gets hit twice from the same hole?”
But the Revolutionary Guards answer only to Iran’s supreme leader, Ayatollah Ali Khamenei, and so far there has been no sign of a top-down reshuffling.
After each attack, Iran has struggled to respond, sometimes claiming to have identified those responsible only after they had left the country or saying that they remained at large. Iranian officials also insist that they have foiled other attacks.
were arrested last month in Ethiopia for plotting to attack Israeli, American and Emirati targets.
But any overt retaliation risks an overwhelming Israeli response.
“They are not in a hurry to start a war,” said Talal Atrissi, a political science professor at the Lebanese University in Beirut. “Retaliation means war.”
Conversely, the timing of Israel’s latest attack on Natanz suggested that Israel sought, if not to derail the talks, to at least weaken Iran’s bargaining power. Israel opposed the 2015 nuclear agreement and opposes its resurrection.
the covert, regionwide shadow war between Israel and Iran has intensified with Israeli airstrikes on Iranian-backed militias in Syria and tit-for-tat attacks on ships.
But as Iran faces a struggling economy, rampant Covid-19 infections and other problems of poor governance, the pressure is on to reach a new agreement soon to remove economic sanctions, said Ms. Vakil of Chatham House.
“These low-level, gray zone attacks reveal that the Islamic Republic urgently needs to get the J.C.P.O.A. back into a box” to free up resources to address its other problems, she said, referring to the nuclear deal, formally called the Joint Comprehensive Plan of Action.
Eric Schmitt contributed reporting from Washington, and Hwaida Saad from Beirut, Lebanon.
WASHINGTON — The Biden administration on Thursday announced tough new sanctions on Russia and formally blamed the country’s premier intelligence agency for the sophisticated hacking operation that breached American government agencies and the nation’s largest companies.
In the broadest effort yet to give more teeth to financial sanctions — which in the past have failed to deter Russian activity — the sanctions are aimed at choking off lending to the Russian government.
In an executive order, President Biden announced a series of additional steps — sanctions on 32 entities and individuals for disinformation efforts and for carrying out the Russian government’s interference in the 2020 presidential election. Ten Russian diplomats, most of them identified as intelligence operatives, were expelled from the Russian Embassy in Washington. The country also joined with European partners to sanction eight people and entities associated with Russia’s occupation in Crimea.
The announcement is the first time that the U.S. government has placed the blame for the “SolarWinds” hacking attack right at the Kremlin’s feet, saying it was masterminded by the SVR, one of the Russian intelligence agencies that was also involved in the hacking of the Democratic National Committee six years ago. The finding comports with the findings of private cybersecurity firms.
SolarWinds; to the C.I.A.’s assessment that Russia offered bounties to kill American troops in Afghanistan; and to Russia’s longstanding effort to interfere in U.S. elections on behalf of Donald J. Trump. The key to the sanctions’ effectiveness, officials concede, will be whether European and Asian allies go along with that ban, and whether the United States decides to seek to extend the sanctions by threatening to cut off financial institutions around the world that deal in those Russian bonds, much as it has enforced “secondary sanctions” against those who do business with Iran.
In a conversation with President Vladimir V. Putin on Tuesday, Mr. Biden warned that the United States was going to act to protect its interests, but also raised the prospect of a summit meeting between the two leaders. It is unclear whether Russia will now feel the need to retaliate for the sanctions and expulsions. American officials are already alarmed by a troop buildup along the border of Ukraine and Russian naval activity in the Black Sea.
And inside American intelligence agencies there have been warnings that the SolarWinds attack — which enabled the SVR to place “back doors” in the computer networks — could give Russia a pathway for malicious cyber activity against government agencies and corporations.
Jake Sullivan, Mr. Biden’s national security adviser, has often said that sanctions alone will not be sufficient, and said there would be “seen and unseen” actions against Russia. Mr. Biden, before his inauguration, suggested the United States would respond in kind to the hack, which seemed to suggest some kind of clandestine cyber response. But it may take weeks or months for any evidence of that activity to come to light, if it ever does.
SolarWinds attack because that was the name of the Texas-based company whose network management software was subtly altered by the SVR before the firm’s customers downloaded updated versions. But the presidential statement alludes to the C.I.A.’s assessment that Russia offered bounties to kill American troops in Afghanistan and explicitly links the sanctions to Russia’s longstanding effort to interfere in U.S. elections on behalf of Donald J. Trump.
In the SolarWinds breach, Russian government hackers infected network-management software used by thousands of government entities and private firms in what officials believe was, at least in its opening stages, an intelligence-gathering mission.
The SVR, also known as the Russian Foreign Intelligence Service, is primarily known for espionage operations. The statement said American intelligence agencies have “high confidence in its assessment of attribution” of responsibility to Russia.
In an advisory, the United States described for private companies specific details about the software vulnerabilities that the Russian intelligence agencies used to hack into the systems of companies and governments. Most of those have been widely known since FireEye, a private security firm, first found evidence of the hack in December. Until FireEye’s discovery, the actions had been entirely missed by the U.S. government, largely because the attack was launched from inside the United States — where, as the Russians know well, American intelligence agencies are prohibited from operating.
Previous sanctions against Russia have been more narrowly drawn and have largely affected individuals. As such, the Kremlin has largely appeared to absorb or shrug off the penalties without changing its behavior.
trading in Moscow before the announcement, the ruble’s exchange rate to the dollar dropped about 1 percent, reflecting nervousness over how the sanctions would play out. The main stock index, Mosbirzhi, also fell just over 1 percent.
The fallout so far reflects years of Russian government policy to harden its financial defenses against sanctions and low oil prices by running budget surpluses and salting away billions of dollars in sovereign wealth funds.
Balanced budgets have been a core economic policy principle of Mr. Putin, who came to power more than 20 years ago during a post-Soviet debt crisis that he saw as humiliating for Russia and vowed not to repeat.
Still, analysts say strains from the past year of pandemic and the drop in the global price of oil, a major Russian export commodity, have left Russia more vulnerable to sanctions targeting sovereign debt. By the first quarter of this year, however, a recovery in oil prices had helped return the federal budget to surplus.
Michael D. Shear and David E. Sanger reported from Washington, Steven Erlanger from Brussels, and Andrew E. Kramer from Moscow.