China accused of cyber-attack on Microsoft Exchange servers

The UK and EU have accused China of carrying out a major cyber-attack earlier this year.

The attack targeted Microsoft Exchange servers, affecting over a quarter of a million servers around the world.

The EU was the first to put out a statement saying the attack came from “the territory of China”, while the UK said Chinese state-backed actors were responsible. The US is expected to follow suit.

The countries have also said the Chinese Ministry of State Security was responsible for other espionage activity.

The US and UK have frequently called out cyber-campaigns from nation-states, but being joined by the EU in calling out Beijing signals the gravity with which this case has been taken. Western intelligence officials say the behaviour by China was markedly more serious than anything they have seen before.

In the UK, the National Cyber Security Centre (NCSC) issued tailored advice to over 70 affected organisations to deal with the attack.

The hackers exploited a vulnerability that allowed web shells to be placed on systems. These web shells could act as back doors, allowing further exploitation.

This was then exploited by other hacking groups, leaving systems vulnerable to criminals and ransomware attacks as well as espionage.

“The cyber-attack on Microsoft Exchange Servers by Chinese state-backed groups was a reckless but familiar pattern of behaviour,” Foreign Secretary Dominic Raab said. “The Chinese government must end this systematic cyber-sabotage and can expect to be held to account if it does not.”

The UK Foreign Office said the attack was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property.

It said the Chinese government had “ignored repeated calls to end its reckless campaign, instead allowing its state-backed actors to increase the scale of their attacks and act recklessly when caught”.

Microsoft announced details of the hack back in March and said a group called Hafnium, linked to China, was responsible. China denied those accusations.

The EU statement came in a declaration by the high representative for foreign affairs and security policy.

“The compromise and exploitation of the Microsoft Exchange servers undermined the security and integrity of thousands of computers and networks worldwide, including in the [EU] member states and EU institutions. It allowed access to a significant number of hackers that have continued to exploit the compromise to date.

“This irresponsible and harmful behaviour resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spill-over and systemic effects for our security, economy and society at large.”

The EU statement also said it had seen other Chinese behaviour that caused concern. “We have also detected malicious cyber activities with significant effects that targeted government institutions and political organisations in the EU and member states, as well as key European industries.”

It, like the UK, linked these activities to two groups also based in China (known as APT 40 and APT 31) which are accused of espionage and intellectual property theft.
