According to the latest news, key allies of the United States have accused the Chinese government for hiring gangs of hackers to carry out cyberattacks in the West. The recent Microsoft Exchange hack is attributed to Chinese hackers. The data breach gave attackers access to the email servers of around 30,000 organizations in the US alone.
Surprisingly, today’s announcement comes with no added sanctions against China. During the briefing, a senior White House executive said “The US and our allies and partners are not ruling out further actions to hold the PRC accountable.” On the other hand, the US Department of Justice announced criminal charges against four hackers sponsored by China’s MSS for “a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defence, education, and healthcare in the least a dozen countries.”
Initially, the Microsoft Exchange attack was blamed on Hafnium, a hacking group sponsored by the Chinese state. A senior White House official told reporters in a briefing at the weekend that the US government has “high confidence” that the Exchange hackers were being paid by the Chinese government.
The official said “[China’s] MSS — Ministry of State Security — uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit. Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain.”
Bloomberg News reported that the accusation was made by not the only US but also by the EU, UK, Australia, Canada, New Zealand, Japan, and NATO. In a press statement, the European Union said these attacks were linked to hacking groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31 while the UK’s National Cyber Security Centre (NCSC) said APT40 group had targeted “maritime industries and naval defence contractors in the US and Europe” while APT30 had attacked “government entities, including the Finnish parliament in 2020.”
NCSC Director of Operations Paul Chichester said in a press statement “The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace. This kind of behaviour is completely unacceptable, and alongside our partners, we will not hesitate to call it out when we see it.”
Cyber attacks and ransomware incidents are growing steadily all over the world and surprisingly the hackers are nowadays targeting bigger organizations. In 2021 itself, hackers targeted America’s largest meat supplier and a key oil pipeline. In both cases, Russia was alleged to be responsible for the attacks. Note that Russia was also blamed for 2020’s SolarWinds hack.