Biden Administration And U.S. Allies Accuse China Of Spearheading Microsoft Exchange Hack
Earlier this year, malicious hackers exploited a vulnerability in Microsoft Exchange servers to attack an estimated 30,000 organizations worldwide. Both Microsoft and other organizations were quick to point fingers at Chinese hackers, but the Biden administration, along with U.S. allies, is formally blaming China after accusing Beijing of working with the criminal hackers.
The announcements, released today, come as both condemnation and warning due to China’s “irresponsible and destabilizing behavior in cyberspace.” Though the country may want to be a responsible world leader, its malicious cyber activity “poses a major threat to U.S. and allies’ economic and national security.” Thus, the activities of China must be exposed to both hold the country accountable and keep other countries safe.
In coordination with the United States' allies, the Biden administration is first “Exposing the PRC’s use of criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit.” It is believed that China and its Ministry of State Security (MSS) have been a part of ransomware attacks and extortion, crypto-jacking, and other fraud for financial gain.
Furthermore, the Biden administration reports that, with a high degree of confidence, “MSS-affiliated cyber operators exploited [MS Exchange] vulnerabilities to compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims.” With this, the Biden administration is working to improve the security of Federal networks. Moreover, the National Security Agency, Cybersecurity and Infrastructure Agency, and the Federal Bureau of Investigation have released an advisory to outline China’s “cyber-techniques that have been used to target U.S. and allied networks.”
Simultaneously, the United States Department of Justice has levied criminal charges against four MSS hackers who were reportedly involved in a “multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare in at least a dozen countries.” In this case, the MSS hackers allegedly attempted to steal the Ebola virus vaccine research, showing China’s malicious activities extend to critical public health information and should be quite concerning.
Despite no actions or sanctions coming with this announcement, it will be interesting to see if China backs down or extradites the MSS hackers whom the DoJ has charged. However, it appears that will not be the case, as a Chinese Foreign Ministry spokesperson spoke to the Associated Press in the past, deflecting blame for the Exchange hack and warning that the attribution of cyberattacks should not be based on “groundless accusations.” Whatever ends up happening, keep an eye on HotHardware for updates on this developing situation.