US, NATO Allies Formally Accuse China of Microsoft Exchange Server Hacking
The United States and its NATO allies have officially accused the Chinese government of sponsoring the Microsoft Exchange Server hacks that took place earlier this year. Chinese state-run media described the accusation as “absurd.”
In March, Microsoft released a statement saying it had detected “several zero-day exploits used to attack on-premises versions of Microsoft Exchange Server as part of limited and targeted attacks.” The attacker was able to use the vulnerabilities to access email accounts and install malware that enabled other, longer-term attacks. The fixes were released quickly, but Microsoft said in an update released a week later that it “continues to see more players take advantage of unpatched systems to attack organizations with on-premises Exchange Server.”
Microsoft has singled out Hafnium, a “highly skilled and sophisticated” Chinese hacker group that it says targets US-based interests and industries, including infectious disease researchers, law firms, educational institutions, defense contractors, policy think tanks and NGOs.
“Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software,” explained Microsoft’s Tom Burt. “To this day, Hafnium is the main player we’ve seen using these exploits.”
Today, the US government backed Microsoft’s claim that Hafnium is a “state sponsored threat actor,” by issuing a statement attributing “malicious cyber activity and irresponsible state behavior” to the People’s Republic of China.
The statement accuses the Chinese government of using “criminal hackers to conduct unauthorized cyber operations on a global scale.” It also claims that in addition to an alleged contract with China’s State Security Ministry, the hackers involved “engaged in ransomware attacks, cyber extortion, cryptocurrency hijacking, and rank theft from victims all over the world, all for [personal] financial gain.”
It also reiterates Microsoft’s March allegations, saying “with a high degree of confidence” that China-based hackers were in fact behind hacks that took advantage of vulnerabilities in Microsoft Exchange Server. The statement said that “tens of thousands of computers and networks around the world” were compromised “in a massive operation that resulted in significant repair costs for its victims, mainly in the private sector.”
Although the US government has not taken any direct action against China at this point, it has filed criminal charges against four people allegedly linked to China’s online espionage efforts. The accusations are not related to the Microsoft Exchange Server hacks, but rather “a multi-year campaign targeting governments and foreign entities in key sectors including the navy, aviation, defense, education and health in at least a dozen countries,” which took place from 2011 to 2018.
The UK, EU and Canada have issued parallel statements condemning the Microsoft Exchange Server hack and other cyber espionage efforts. NATO, the North Atlantic Treaty Organization, also issued a statement condemning “malicious cyber activity”, although it took a somewhat more cautious approach and did not point the finger at China directly.
“We recognize the national statements of Allies, such as Canada, the United Kingdom and the United States, assigning responsibility for the compromise of Microsoft Exchange Server to the People’s Republic of China,” it said. “In line with our recent Brussels Summit communiqué, we call on all states, including China, to honor their international commitments and obligations and to act responsibly in the international system, including in cyberspace.”
China’s Foreign Ministry has yet to respond to the accusation, but the state-run Xinhua News Agency called the allegations “absurd” on Twitter:
Who poses a major threat to the world in cyberspace? Ask Edward Snowden! The absurd logic of the United States to exaggerate the Chinese threat is like a thief yelling “stop the thief!” #Surveillance #infosec #cybersecurity #espionage #tech pic.twitter.com/KYY0CBYh4N (July 19, 2021)
Xinhua’s remark refers to CIA analyst Edward Snowden, who said in 2013 that he believed the US National Security Agency had carried out more than 61,000 hacking operations around the world, many of them in China. In 2014, the New York Times reported that Snowden’s documents showed the NSA hacked into the servers of Chinese telecommunications giant Huawei.