China accused of cyberattack on Microsoft Exchange server

Microsoft sign-in in Los Angeles (file photo)

The attack affected approximately 250,000 Microsoft Exchange servers.

The UK and EU have accused China of launching a major cyberattack earlier this year.

The attack targeted Microsoft Exchange servers and affected more than 250,000 servers worldwide.

The EU first issued a statement that the attack came from “China’s territory,” while Britain said China’s state-owned officials were responsible. The United States is expected to follow suit.

Countries also said China’s Department of Homeland Security was responsible for other espionage activities.

The United States and the United Kingdom frequently call for cyber campaigns from nation-states, but the EU’s participation in calling for Beijing shows the significance of the proceedings. Western intelligence officials say China’s actions were significantly more serious than they had ever seen.

In the UK, the National Cyber ​​Security Center (NCSC) has issued personalized advice to more than 70 affected organizations to address attacks.

Hackers have exploited a vulnerability that could allow a web shell to be placed on a system that could act as a backdoor, allowing further exploitation.

It was then exploited by other hacking groups, leaving the system vulnerable to criminals, ransomware attacks, and even spies.

“A cyberattack on Microsoft Exchange Server by a Chinese state-owned group was a reckless yet familiar pattern of behavior,” said Foreign Minister Dominic Raab. “The Chinese government needs to end this systematic cyber-jamming, otherwise it is expected to be held liable.”

UK Foreign Ministry said The attack was very likely to enable large-scale espionageIncludes the acquisition of personally identifiable information or intellectual property.

The Chinese government “ignored repeated calls to end the reckless campaign and instead allowed state-sponsored actors to scale up the attack and act recklessly when caught.” Stated.

Microsoft released details of the hack in March, stating that a group called Hafnium, which is associated with China, is responsible. China denied those accusations.

EU statement came in declaration By senior representative of foreign affairs and security policy.

“The breach and abuse of Microsoft Exchange servers has compromised the security and integrity of thousands of computers and networks around the world. [EU] Member states and EU institutions. This gives access to a significant number of hackers who have been exploiting breaches in the past.

“This irresponsible and harmful behavior poses security risks and significant economic losses to government agencies and private sectors, with significant spillover and systematic consequences for security, the economy and society as a whole.”

The EU statement also said it had seen other Chinese actions that raised concerns. “We also detected malicious cyber activity with significant impacts targeting government agencies and political organizations in the EU and member states, as well as major European industries.”

Similar to the United Kingdom, we have associated these activities with two groups based in China (known as APT40 and APT31) accused of espionage and intellectual property theft.

Posted on