China accused of large-scale Microsoft Exchange Server hack
The US, UK and other allied nations have accused the Chinese Ministry of State Security of engaging in a global hacking campaign. Included in this was an attack on Microsoft Exchange servers earlier in the year, and other activity that has been described as "irresponsible and destabilizing behavior in cyberspace".
China has been called on to "end this systematic cyber sabotage", and a statement issued by the White House said that "an unprecedented group of allies and partners are joining the United States in exposing and criticizing the PRC’s malicious cyber activities".
The allies -- including the US, UK, NATO, the European Union and others -- join the Biden administration in "exposing the PRC’s use of criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit".
The statement goes on to say: "The United States is deeply concerned that the PRC has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit. As detailed in public charging documents unsealed in October 2018 and July and September 2020, hackers with a history of working for the PRC [People's Republic of China] Ministry of State Security (MSS) have engaged in ransomware attacks, cyber enabled extortion, crypto-jacking, and rank theft from victims around the world, all for financial gain".
"In some cases, we are aware that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars. The PRC's unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts."
The US Department of Justice says that it is pursuing criminal charges against four hackers from the Ministry of State Security who were involved in attacks against aviation, maritime, education and healthcare targets. Referring to the Microsoft attacks from earlier this year, the White House says:
"Attributing with a high degree of confidence that malicious cyber actors affiliated with PRC’s MSS conducted cyber espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.
"Before Microsoft released its security updates, MSS-affiliated cyber operators exploited these vulnerabilities to compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims."
The NSA, FBI and CIA have released a cybersecurity advisory to detail additional PRC state-sponsored cyber techniques used to target US and allied networks, including those used when targeting the Exchange Server vulnerabilities. The advisory, entitled "Chinese State-Sponsored Cyber Operations: Observed TTPs", is quite detailed, but does not give away specific details of attack techniques.