According EU and US, Microsoft Exchange email hack came from China

The European Union and United States on Monday blamed China for the hacking of the Microsoft Exchange email server that compromised tens of thousands of computers around the world earlier this year.

In a statement, the EU's High Representative for Foreign Affairs and Security Policy Josep Borrell said the malicious cyber activities had significantly affected our economy, security, democracy and society at large.

The Microsoft Exchange hack, first identified in January, was rapidly attributed to Chinese cyber spies by private sector groups.

Borrell's statement marks the first time the EU has leveled blame for the hack at China. The UK, Japan, Australia, Canada, New Zealand and NATO also issued their own condemnations.

We have also detected malicious cyber activities with significant effects that targeted government institutions and political organizations in the EU and Member States, as well as key European industries

Borrell said.

The attack against Microsoft Exchange could be traced to hacker groups known to cybersecurity professionals as Advanced Persistent Threat 40 (APT40) and Advanced Persistent Threat 31 (APT31), and was conducted from the territory of China for the purpose of intellectual property theft and espionage, he continued.

EU and allies present a united front

On Monday the United States' Biden administration and partners also disclosed a broad range of other cyber threats from Beijing, including ransomware attacks from government-affiliated hackers that have targeted companies with demands for millions of dollars.

The AP news agency reported that China's Ministry of State Security has been using criminal contract hackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a briefing from a senior US official.

That official briefed reporters about the investigation on the condition of anonymity, the agency said.

Even though the finger-pointing was not accompanied by any sanctions on Beijing, a senior US official who disclosed the actions to reporters said that the US had confronted senior Chinese officials and that the White House regarded the multi nation public shaming as sending an important message.

The United Kingdom's National Cyber Security Center (NCSC) also issued a statement blaming the Chinese Ministry of State Security for a series of cyber attacks.

“The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace," said Paul Chichester, NCSC director of operations.

"Activity relating to APT40 included the targeting maritime industries and naval defence contractors in the US and Europe, and for APT31 the targeting of government entities, including the Finnish parliament in 2020," the NCSC said.

Officials: China using 'criminal hackers'

The majority of the most damaging and high-profile recent ransomware attacks have involved Russian criminal gangs. Though the US has sometimes seen connections between Russian intelligence agencies and individual hackers, the use of criminal contract hackers by the Chinese government “to conduct unsanctioned cyber operations globally is distinct,” a US government official told AP.

The official said it had taken until now to attribute the attack to hackers affiliated with China's Ministry of State Security in part because of the discovery of the ransomware and for-profit hacking operations and because the Biden administration wanted to pair the announcement with guidance for businesses about tactics that the Chinese have been using.

An advisory published on Monday from the FBI, the United States' National Security Agency and the Cybersecurity and Infrastructure Security Agency laid out specific techniques and ways that government agencies and businesses can protect themselves.

The White House also wanted to line up an international coalition of allies to call out China, according to the official, who said it was the first time NATO had condemned Beijing's hacking operations.

A Chinese Foreign Ministry spokesperson, asked about the Microsoft Exchange hack, has previously said that China “firmly opposes and combats cyber attacks and cyber theft in all forms” and cautioned that attribution of cyber attacks should be based on evidence and not “groundless accusations”.

Read the full article at the original site

References:

  • Website