US warns China over state-sponsored hacking, citing mass attacks on Exchange


The US government blamed the Chinese government on Monday for attacks on thousands of Microsoft Exchange servers.

China’s Ministry of State Security (MSS) “has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain,” US Secretary of State Antony Blinken said in a statement that blamed the MSS for the Microsoft Exchange hacks. The US government and its allies “formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims,” Blinken said.

Blinken’s statement was released alongside a Justice Department announcement that three MSS officers and one other Chinese national were indicted by a federal grand jury on charges related to a different series of hacks into the “computer systems of dozens of victim companies, universities, and government entities in the United States and abroad between 2011 and 2018.” Blinken said that the US “and countries around the world are holding the People’s Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security.”

The US did not announce any new sanctions against China, but Blinken said the indictment is evidence that “the United States will impose consequences on PRC malicious cyber actors for their irresponsible behavior in cyberspace.”

Exchange zero-days

The Microsoft Exchange attacks have been public knowledge for over four months. “Tens of thousands of US-based organizations are running Microsoft Exchange servers that have been backdoored by threat actors who are stealing administrator passwords and exploiting critical vulnerabilities in the email and calendaring application,” we wrote on March 6.

At the time, Microsoft wrote that it “detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks” and that it “attributes this campaign with high confidence to Hafnium, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics, and procedures.” Microsoft issued emergency patches for four zero-day vulnerabilities in Exchange Server that were being exploited by hackers.

The Exchange attacks were unusual because six hacking groups exploited the vulnerabilities before Microsoft issued a patch. Compromised Exchange servers were also hit with multiple types of ransomware.

Today, Blinken said, “Responsible states do not indiscriminately compromise global network security nor knowingly harbor cyber criminals—let alone sponsor or collaborate with them. These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll.”

EU and UK condemn attacks

The European Union issued a statement today saying the attacks were “conducted from the territory of China for the purpose of intellectual property theft and espionage,” but it did not say the attackers were state-sponsored.

“We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation,” the EU said.

The United Kingdom’s statement today said, “The UK is joining like-minded partners to confirm that Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.” Later in the release, the UK said its National Cyber Security Centre “is almost certain that the Microsoft Exchange compromise was initiated and exploited by a Chinese state-backed threat actor,” namely Hafnium, and that the “attack was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property.”

According to the Associated Press, “a Chinese Foreign Ministry spokesperson has previously deflected blame for the Microsoft Exchange hack, saying that China ‘firmly opposes and combats cyber attacks and cyber theft in all forms’ and cautioned that attribution of cyberattacks should be based on evidence and not ‘groundless accusations.’”

The FBI and partner agencies also released an advisory on the tactics, techniques, and procedures used by Chinese state-sponsored attackers.

“The FBI and our partners are determined to disrupt the increasingly sophisticated Chinese state-sponsored cyber activity that targets US political, economic, military, education, and counterintelligence personnel and organizations,” FBI Cyber Division Assistant Director Bryan Vorndran said.
