US warns China over state-sponsored hacking, citing mass attacks on Exchange

The US government and its allies "formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims," Blinken said.Blinken's statement was released alongside a Justice Department announcement that three MSS officers and one other Chinese national were indicted by a federal grand jury on charges related to a different series of hacks into the "computer systems of dozens of victim companies, universities, and government entities in the United States and abroad between 2011 and 2018." Blinken said that the US "and countries around the world are holding the People's Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security."The US did not announce any new sanctions against China, but Blinken said the indictment is evidence that "the United States will impose consequences on PRC malicious cyber actors for their irresponsible behavior in cyberspace."The Microsoft Exchange attacks have been public knowledge for over four months. These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll."The European Union issued a statement today saying the attacks were "conducted from the territory of China for the purpose of intellectual property theft and espionage," but it did not say the attackers were state-sponsored."We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation," the EU said.The United Kingdom's statement today said, "The UK is joining like-minded partners to confirm that Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers." Later in the release, the UK said its National Cyber Security Centre "is almost certain that the Microsoft Exchange compromise was initiated and exploited by a Chinese state-backed threat actor," namely Hafnium, and that the "attack was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property."According to the Associated Press, "a Chinese Foreign Ministry spokesperson has previously deflected blame for the Microsoft Exchange hack, saying that China 'firmly opposes and combats cyber attacks and cyber theft in all forms' and cautioned that attribution of cyberattacks should be based on evidence and not 'groundless accusations.'"