Microsoft Exchange Hack Caused By China, US, Allies Say | national
WASHINGTON (AP) – The Biden administration and its Western allies officially blamed China on Monday for a massive hack into Microsoft Exchange mail server software and accused Beijing of working with criminal hackers in ransomware and other attacks cyber operations.
The announcements, while not accompanied by sanctions against the Chinese government, were intended to strongly condemn activities that a senior administration official Biden described as part of a “pattern of irresponsible behavior in cyberspace.” They highlighted the continued threat of Chinese government hackers, even as the administration continues to try to curb ransomware attacks by Russia-based unions that have targeted critical infrastructure.
Beijing’s wide array of cyber threats disclosed on Monday included ransomware attacks by government-affiliated hackers that targeted victims – including in the United States – with demands of millions of dollars. U.S. officials allege that China’s State Security Ministry used criminal hackers who engaged in cyberextortion and theft schemes for their own benefit, officials said.
Meanwhile, the Justice Department on Monday announced charges against four Chinese nationals who prosecutors said were working with the State Security Department in a hacking campaign targeting dozens of computer systems, including businesses, universities and government entities. The defendants are accused of stealing trade secrets and confidential business information.
Unlike April, when the public tally of Russian hacking was associated with a series of sanctions against Moscow, the Biden administration did not announce any action against Beijing. Nonetheless, a senior administration official who briefed reporters said the United States had clashed with senior Chinese officials and the White House viewed the multinational public humiliation as an important message.
The European Union and Britain also called on China. The EU said malicious cyber activities with “significant effects” targeting government institutions, political organizations and key industries in the bloc’s 27 member states could be linked to Chinese hacking groups. The UK’s National Cyber Security Center said the groups were targeting maritime industries and naval defense contractors in the US, Europe and the Finnish parliament.
In a statement, EU foreign policy chief Josep Borrell said the hacking was “carried out from inside China for the purpose of intellectual property theft and espionage.”
The Microsoft Exchange cyber attack “by Chinese state-backed groups was reckless but familiar behavior,” British Foreign Minister Dominic Raab said.
NATO, in its first public condemnation of China for hacking activities, called on Beijing to respect its international commitments and obligations “and to act responsibly in the international system, including in cyberspace”. The alliance said it was determined to “deter, defend and actively counter the full spectrum of cyber threats.”
The fact that hackers affiliated with the Department of State Security engaged in ransomware was surprising and of concern to the US government, the senior administration official said. But the attack, in which an unidentified U.S. company received a large ransom demand, also gave U.S. officials new insight into what the official said was “the kind of aggressive behavior that we see it coming from China ”.
The majority of recent, most damaging and high-profile ransomware attacks have involved Russian criminal gangs. Although the United States has occasionally seen links between Russian intelligence agencies and individual hackers, the Chinese government’s use of criminal hackers “to conduct unauthorized cyber operations on a global scale is distinct,” the manager said.
The Microsoft Exchange hack that a few months ago compromised tens of thousands of computers around the world was quickly blamed on Chinese cyber spies by private sector groups. An administration official said the government’s attribution to hackers affiliated with China’s State Security Ministry has so far been in part due to ransomware discovery and for-profit hacking operations and because the administration wanted to combine the announcement with advice to companies on the tactics the Chinese used.
A notice released Monday by the FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency outlined specific techniques and means that government agencies and businesses can protect themselves from.
A spokesperson for the Chinese Embassy in Washington did not immediately respond to an email seeking comment on Monday. But a spokesperson for the Chinese Foreign Ministry previously deflected responsibility for the Microsoft Exchange hack, saying China “strongly opposes and fights cyber attacks and cyber theft in all its forms” and warned that the attribution Cyber attacks should be based on evidence and not on “baseless accusations.” “
Kelvin Chan in London contributed to this report.
Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP.
Copyright 2021 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.