China Denies Microsoft Hacking Claim By The West

Microsoft Exchange hacking claims by the West are ‘groundless’, Chinese authorities say, after email compromise earlier this year

China has reacted in a predictable fashion after the United States, the United Kingdom, and the European Union accused it of carrying out a major cyber-attack earlier this year.

In March the administration of Joe Biden said it was “concerned” over the large number of organisations affected by four zero-day flaws in Microsoft Exchange.

Microsoft issued emergency patches for the flaws, and the software giant said at the time that a Chinese state-backed hacking group called Hafnium was behind the hacks, which began in early January.

China responsible

Then this week the British government, along with its allies, directly accused Chinese state-backed actors of being involved in the cyberattack.

“The UK is joining likeminded partners to confirm that Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers,” the government announced. “The attacks took place in early 2021, affecting over a quarter of a million servers worldwide.”

“The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour,” Foreign Secretary Dominic Raab said. “The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not.”

The government said that the attack was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property.

The UK is also identifying the Chinese Ministry of State Security as being behind activity known by cyber security experts as “APT40” and “APT31”.

“Widespread, credible evidence demonstrates that sustained, irresponsible cyber activity emanating from China continues,” the government said.

The European Union added its voice to the call for China to end its hostile cyber operations.

Formal identification

Monday’s announcement marks a formal attribution of responsibility by the West.

The UK’s National Cyber Security Centre (NCSC) said it was “highly likely that Hafnium is associated with the Chinese state”.

“The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace,” said NCSC director of operations Paul Chichester.

“This kind of behaviour is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it,” said Chichester. “It is vital that all organisations continue to promptly apply security updates and report any suspected compromises to the NCSC via our website.”

The White House joined its allies in “exposing and criticizing the PRC’s malicious cyber activities.”

Australia, Canada and New Zealand also joined the UK, US and EU in blaming Chinese state-sponsored actors for the malicious cyber activities.

Chinese denial

So far there has been little response from authorities in mainland China, but the BBC reported that the Chinese Embassy in Wellington, New Zealand, had called the accusations “groundless and irresponsible.”

“The Chinese government is a staunch defender of cyber security,” said a statement published by the embassy in response to a question from a journalist.

“Making accusations without [proof] is malicious,” it said.

The Chinese embassy in Australia echoed these remarks, describing Washington as “the world champion of malicious cyber attacks”.