The UK confirmed on Monday that Chinese state-backed actors were responsible for a cyberattack on Microsoft Exchange earlier this year that affected more than 250,000 servers worldwide.
Foreign Minister Dominic Raab said in a statement that the attack was a “reckless but familiar behavior pattern.”
“The Chinese government needs to end this systematic cyber nuisance and can expect to be held [to] account if it does not,” Raab warned.
The National Cyber Security Center (NCSC) said it was “almost certain” that Hafnium, a group “very likely” to be associated with the Chinese state, was responsible for the attack.
The attack was also evaluated as likely to enable large-scale espionage, such as the acquisition of personally identifiable information and intellectual property.
The NCSC said the attack on Microsoft Exchange servers was “the most serious and widespread cyber intrusion into the United Kingdom and allies ever discovered.”
In a statement, NCSC Operations Director Paul Chichester said the attack was “another serious example of malicious activity by Chinese state-sponsored actors in cyberspace.”
The NCSC said it was able to quickly provide tailored advice to the affected organizations to mitigate the damage.
Officials also said the Chinese Ministry of State Security (MSS) is behind activity known to cybersecurity experts as “APT40” [Advanced Persistent Threat 40] and “APT31” [Advanced Persistent Threat 31].
APT40, which has targeted US and European maritime and naval defense contractors, regional opponents of the Belt and Road Initiative, and multiple Cambodian election organizations ahead of the 2018 elections, is likely to be sponsored by a regional MSS security office, the MSS Hainan State Security Department (HSSD), the NCSC said.
The NCSC added that APT31, which targets government agencies, politicians, contractors and service providers, is “almost certain” to be a group of contractors working directly for the MSS.
The UK announcement was made in collaboration with UK allies such as the United States, the European Union and NATO.
“There is growing concern that cyber threats to the security of the alliance are complex, destructive, compulsory, and increasingly frequent,” NATO said. “It disrupts the daily lives of citizens.”
“Reaffirming NATO’s defensive mission, the Alliance is determined to always adopt the full range of features as necessary to proactively deter, defend against and counter the full range of cyber threats in accordance with international law,” the statement said.
Also on Monday, the United States indicted four Chinese nationals involved in APT40, three of whom are alleged to be officers of the HSSD, a local agency of the MSS in China.
The defendants were charged over a campaign to hack the computer systems of dozens of victims, universities and government agencies in the United States and abroad between 2011 and 2018.
The US Department of Justice said the campaign targeted victims in the United States, Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom.