US and allies accuse Chinese government of masterminding Microsoft Exchange cyber attack

The United States and key allies have, for the first time, accused the Chinese government of employing gangs of hackers to carry out cyber attacks in the West. Attacks attributed to China include the recent Microsoft Exchange hack, a significant and widespread breach that gave attackers access to the email servers of an estimated 30,000 organizations in the US alone.

The attack on Microsoft Exchange was initially blamed on Hafnium, a hacking group sponsored by the Chinese state. A senior official in the White House told The Financial Times that the US government had “high confidence” that the Exchange hackers were being paid by China’s Ministry of State Security.

“[China’s] MSS – Ministry of State Security – uses criminal contract hackers to conduct unauthorized cyber operations worldwide, including for their own personal gain,” the official said. “Their activities include criminal activities such as cyber extortion, crypto-jacking and theft from victims around the world for financial gain.”

The charge against China was leveled by the US, EU, UK, Australia, Canada, New Zealand, Japan and NATO, reports Bloomberg News.

In a press statement, the European Union said these and other attacks were linked to hacking groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31 (these labels are used by cybersecurity professionals to track the activity of well-known organizations). The UK National Cyber Security Center (NCSC) said that the APT40 group had targeted “maritime industries and ship defense contractors in the US and Europe”, while APT30 had “attacked government entities, including the Finnish parliament, in 2020”.

“The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace,” NCSC Director of Operations Paul Chichester said in a statement. “This kind of behavior is completely unacceptable, and together with our partners we will not hesitate to call it out when we see it.”

Cyber attacks and ransomware incidents have been on the rise in recent years, with gangs of hackers apparently targeting larger organizations. This year alone, hackers have targeted America’s largest meat supplier and a major oil pipeline, although in both cases the groups responsible are located in Eastern Europe and most likely Russia.

Russia was also blamed for the 2020 SolarWinds hack, which breached a number of US federal government agencies and to which the US responded with new economic sanctions.

Today’s announcement does not include similar sanctions against China for its role in the Microsoft Exchange attack (although these could follow). However, the United States Department of Justice has announced criminal charges against four hackers sponsored by China’s MSS for “a multi-year campaign targeting foreign governments and entities in key sectors, including maritime, aerospace, defense, education and healthcare in at least a dozen countries.”

The most striking aspect of today’s accusation is the broad coalition of countries publicly condemning China. It is also the first time that the NATO military alliance has formally accused the country of organizing cyber attacks.