U.S. formally accused China of fostering cyberattack on Microsoft Exchange

The White House on Monday formally accused the Chinese government of hacking Microsoft Corp’s email systems used by many of the companies, governments and military contractors around the world, as the U.S. joined a group of allies to condemn Beijing for global cyberattacks.

“The United States is deeply concerned that the PRC [People’s Republic of China] has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide,” the White House statement said, accusing China for the first time.

The U.S. also joined a group of allies and partners – including the European Union, the United Kingdom, along with the members of NATO – in exposing and criticizing the PRC’s malicious cyber activities.

In March, the Redmond-based tech giant noticed a mass-hacking campaign that targeted its email servers named ‘Microsoft Exchange’ along with four previously undiscovered vulnerabilities that allowed the cybercriminals to steal email mailboxes and address books from tens of thousands of nationwide organizations.

Although Microsoft released patches to fix the vulnerabilities, it did not remove any backdoor code left behind by the cybercriminals that might be used again for easy access to a hacked server.

That prompted the FBI to secure a first-of-its-kind court order from the Department of Justice to “copy and remove” backdoors from hundreds of U.S.-based Exchange servers.

Later, Microsoft pointed out that the hackers had been exploiting the Exchange bug since January of this year and attributed the hack to a China-backed group of hackers called Hafnium.

The attack launched by hackers backed by China’s Ministry of State Security (MSS) resulted in “significant remediation costs for its mostly private sector victims,” the White House said.

In another statement, Secretary of State Antony J. Blinken said, “The PRC’s Ministry of State Security (MSS) has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”

“These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll,” Blinken said.

The U.S. government said it is concerned about the “PRC’s broader malicious cyber activity with senior PRC Government officials, making clear that the PRC’s actions threaten security, confidence, and stability in cyberspace.”

The move marks a significant escalation in a decade-long effort and an example of how the Biden administration is trying to enlist allies to blame China’s behavior after four years of the Trump administration’s unilateralism.  

“We call on all states, including China, to uphold their international commitments and obligations and to act responsibly in the international system, including in cyberspace,” the North Atlantic Treaty Organization (NATO) said in a statement.

EU foreign policy chief Josep Borrell Fontelles in a statement on Monday said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage.”

“This irresponsible and harmful behavior resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spillover and systemic effects for our security, economy and society at large,” Borrell said.

Borrell called on Chinese authorities not to allow “its territory to be used” for such activities and to “take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation.”

U.K. Foreign Secretary Dominic Raab said China’s actions represent “a reckless but familiar pattern of behavior.”

“The Chinese Government must end this systematic cyber sabotage and can expect to be held [to] account if it does not,” Raab said in a statement.

In a tweet, NATO Secretary-General Jens Stoltenberg said that the alliance “stands in solidarity with all those affected by malicious cyber activities, including the Microsoft Exchange Server compromise. We call on all states, including China, to uphold their international obligations & act responsibly.”

Despite showing concerns and blaming China, the announcement lacked sanctions similar to ones that the U.S. government imposed on Russia in April, when it accused Moscow for the large-scale SolarWinds hack that affected the government agencies and hundreds of companies.

The SolarWinds hack, one of the most sophisticated cyberattacks ever detected in the U.S., was an effort by Russia’s intelligence service to alter code in widely used network-management software to gain access to more than 18,000 businesses, federal agencies and think tanks.

By joining allies to condemn China and imposing sanctions on Russia, the Biden administration has delved deeper into a digital Cold War with two of the United State’s main geopolitical adversaries than at any time in modern history.

The last time China was caught in such broad-scale surveillance was in 2014, stealing more than 22 million security-clearance files from the Office of Personnel Management.

President Biden has assured to fortify the government, making cybersecurity a focus of his summit meeting in Geneva with Russian President Vladimir Putin. 

The National Security Agency (NSA), the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) also issued an advisory on Monday warning that Chinese hacking presented a “major threat” to the U.S. and its allies and said its targets include “political, economic, military, and educational institutions, as well as critical infrastructure.”

The U.S. Department of Justice (DoJ) also announced criminal charges against four MSS hackers addressing activities concerning a multi-year campaign targeting foreign governments and entities in critical sectors, including maritime, aviation, defense, education, and healthcare in dozen countries.

Picture Credit: NYTimes