The United States and its NATO allies have formally accused the Chinese government of sponsoring the Microsoft Exchange Server hacks that took place earlier this year. Chinese state-run media labeled the accusation "absurd."
In March, Microsoft released a statement saying it had detected "multiple 0-day exploits used to attack local versions of Microsoft Exchange Server in limited and targeted attacks." The attackers were able to use the vulnerabilities to access email accounts and install malicious software that allowed them to carry out longer-term attacks. Patches were released shortly afterward, but Microsoft said in an update released a week later that it "continues to see several players take advantage of unpatched systems to attack organizations with local Exchange Server."
Microsoft pointed to Hafnium, a "highly skilled and sophisticated" group of Chinese hackers that it claims targets U.S. interests and industries, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.
"Recently, Hafnium has been involved in several attacks using hitherto unknown exploits targeting local Exchange server software," Microsoft's Tom Burt explained. "So far, Hafnium is the main actor we've seen use these exploits."
Today, the U.S. government backed Microsoft's claim that Hafnium is a "state-sponsored threat actor" in a statement attributing "malicious cyber activity and irresponsible state behavior" to the People's Republic of China.
The statement accuses the Chinese government of using "criminal contract hackers to conduct unapproved cyber operations worldwide." It also claims that, along with an alleged contract with China's State Security Ministry, the hackers involved "have been involved in ransomware attacks, cyber extortion, encryption and theft from victims around the world for economic [personal] benefit."
It also reiterated Microsoft's allegations from March, saying "with a high degree of confidence" that China-based hackers were in fact behind the hacks that took advantage of Microsoft Exchange Server vulnerabilities. The statement says "tens of thousands of computers and networks around the world" were involved "in a massive operation that resulted in significant remediation costs for its victims mostly in the private sector."
While the U.S. government has not taken any direct action against China at this time, it has filed criminal charges against four people allegedly involved in China's online espionage efforts. The charges are not related to the Microsoft Exchange Server hacks, but rather to "a multi-year campaign aimed at governments and foreign entities in key sectors, including maritime, aviation, defense, education, and health in at least a dozen countries," which took place from 2011 to 2018.
The UK, European Union, and Canada issued parallel statements condemning the Microsoft Exchange Server hacking and other cyberespionage efforts. NATO, the North Atlantic Treaty Organization, also issued a statement condemning the "malicious cyber activities", although it took a slightly more cautious approach and did not directly accuse China.
"We recognize national statements from allies, such as Canada, the United Kingdom, and the United States, that attribute responsibility for the compromise of the Microsoft Exchange server to the People's Republic of China," NATO said. "In line with our recent statement from the Brussels Summit, we call on all states, including China, to comply with their international commitments and obligations and to act responsibly in the international system, including cyberspace."
China's Ministry of Foreign Affairs has not yet responded to the indictment, but state-run Xinhua News Agency called the allegations "absurd" on Twitter:
Who poses a major threat to the world in cyberspace? Ask Edward Snowden! An absurd logic of expressing China's threat is like a thief shouting "stop the thief!" #Surveillance #infosec #cybersecurity #espionage #top technology.twitter.com/KYY0CBYh4N
July 19, 2021
The Xinhua tweet refers to CIA analyst Edward Snowden, who said in 2013 that he believed the U.S. National Security Agency had carried out more than 61,000 hacking operations worldwide, including many in China. In 2014, The New York Times reported that Snowden's papers showed that the NSA had attacked the servers of the Chinese telecommunications giant Huawei.