US and allies finger China in Microsoft Exchange hack
The US has also blamed hackers working with China for ransomware attacks, extortion, crypto-jacking and other cybercrimes.
The United States and several allies have officially pointed the finger at China for the recent hack of Microsoft Exchange server as well as an ongoing series of cyberattacks carried out by contract hackers for personal profit. In a statement released on Monday, the White House said it joined with the U.K., the European Union and NATO in denouncing the People’s Republic of China for continued malicious cybercrimes.
To start, the U.S. laid the blame on China’s doorstep for the recent hack of Microsoft Exchange server. In this incident, cyberattacks targeted organizations running Exchange on premises by exploiting four zero-day vulnerabilities in the software. The U.S. said it attributed these attacks to cyber actors associated with the PRC’s Ministry of State Security (MSS) in an operation that compromised tens of thousands of computers and networks around the world.
At the time, Microsoft and others attributed the Exchange server hack to a China-based group named Hafnium, which Microsoft said conducts its operations mostly from leased virtual private servers in the U.S. But this marks the first time the U.S. government has officially called out China as responsible for these attacks.
Beyond the Exchange incident, the U.S. blamed China for its role in ransomware attacks, cyber-enabled extortion, crypto-jacking and pure theft, impacting victims around the world. Specifically, the White House charged the country’s MSS with running an operation of worldwide contract hackers who commit cybercrimes, often for their own personal gain.
“PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars,” the White House said. “The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments and mitigation efforts.”
As one response, the U.S. Department of Justice plans to announce criminal charges against four MSS hackers who targeted governments and other entities across at least 12 countries. According to DOJ documents, hackers for the MSS attempted to steal Ebola virus vaccine research, which the agency said shows that the PRC’s theft of intellectual property extends to public health information.
The impact of the charges against China rings even stronger because they are coming not just from the U.S. Marking the first time it has criticized the PRC’s cybercriminal activity, NATO issued a statement on Monday joining the U.S. and others in attributing responsibility for the Exchange server compromise to the People’s Republic of China. The organization said it called on all countries, including China, to act responsibly in the international system, including in cyberspace.
In its own statement, the U.K. agreed that China was responsible for the Exchange hack, adding that it also has blamed China’s MSS for being behind such cyberthreat groups as APT31 and APT40.
“Widespread, credible evidence demonstrates that sustained, irresponsible cyber activity emanating from China continues,” the U.K. said in its statement. “The Chinese government has ignored repeated calls to end its reckless campaign, instead allowing its state-backed actors to increase the scale of their attacks and act recklessly when caught.”
The European Union also charged China with carrying out the Exchange server hack, which affected computers and networks in member states and EU institutions. Further, the EU joined the U.K. in linking China to the APT31 and APT40 groups, which it said run operations for the purpose of intellectual property theft and espionage.
With these allies in agreement that China is behind these attacks, the question now is what to do about it. The White House has outlined several measures designed to better defend and protect government agencies and the private sector from compromise. But a more effective strategy would involve multiple nations in a cyber equivalent to NATO.
“The most encouraging development here is the possible formation of an allied coalition to establish and defend norms in cyberspace,” said Hitesh Sheth, president and CEO at security firm Vectra. “We suffer damage because the cyber sphere lacks the governing protocols that limit, say, chemical and nuclear warfare. If the U.S. can lead a NATO-style coalition of influential nations to stabilize cyberspace, it will likely have long-term security benefits.”