US Government, NATO accuse China of Microsoft Exchange attacks

article thumbnail

The Microsoft Exchange hack and many other attacks were caused by gangs working with the Chinese government, the Biden administration and NATO claim.

In March, Microsoft disclosed that Microsoft Exchange Server was the target of attacks, which it believed were conducted by a hacking group in China known as Hafnium. According to the White House and a UK security agency, it appears that the attacks were partly orchestrated by the Chinese government.

On Monday, the Biden administration sent an alert to government bodies and private companies holding China responsible for the attacks,reports the Financial Times. The attacks included thefts and extortion, as well as ransomware instances with demands in the millions of dollars.

Allies of the U.S. around the world have also issued their own warnings, including the UK's National Cyber Security Centre, which is part of the country's main national security agency, GCHQ.

"The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace," said NCSC Director of Operations Paul Chichester. "This kind of behavior is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it."

NCSC claim the Exchange attacks was "highly likely to enable large-scale espionage," including acquiring information on individuals as well as to acquire intellectual property.

A senior administration official said China's "Ministry of State Security uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit. Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking and theft from victims around the world for financial gain."

Alongside the announcement, the U.S. Department of Justice said on Monday that a federal grand jury in San Diego, California, indicted four nationals and residents of the People's Republic of China for hacking computer systems in the United States and abroad between 2011 and 2018. The indictment occurred in May, but was unsealed on Friday.

According to the indictment, the conspiracy's main theft was for IP of "significant economic benefit to China's companies and commercial sectors," including research and development efforts.

The group worked to steal trade secrets and confidential business information across many industries, including submersible and autonomous vehicle technologies, chemical formulas, genetic sequencing technology, and information "to support China's efforts to secure contracts for state-owned enterprises" in other countries.

Each of the four defendants are charged with a count of conspiracy to commit computer fraud and a count of conspiracy to commit economic espionage, which carry maximum prison sentences of 5 years and 15 years respectively.