Chinese spies were behind a massive Microsoft hack that hit tens of thousands of American companies, the U.S. says


Cyrillic Kudryavtsev

The Biden administration and several allies will argue Monday morning that China’s private intelligence agencies are responsible for a large-scale hacking campaign that hit tens of thousands of companies around the world earlier this year.

According to officials from the Biden administration, hackers belonging to the Ministry of National Security (MSS) of China have taken advantage of security flaws in Microsoft Exchange Server software, Microsoft’s email software, to perform large-scale operations. The attack was so widespread that the White House National Security Council created an emergency response group at the time to deal with the attack.

According to officials, the United States and its allies will explain how MSS has hired criminal hackers on a contract basis to carry out Beijing’s hacking operations.

“MSS uses knowledgeable criminal contract hackers to carry out unauthorized cyber operations globally,” a senior government official said in a phone call on Sunday.

The National Security Agency, the FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) have spent months warning organizations about the hacking of Microsoft Exchange Server, but this is the first time the U.S. government has officially attributed the campaign to the Chinese government. Microsoft security researchers previously described this as the work of actors active in China. However, the link with MSS was not explained in detail.

Members of the European Union, NATO, Japan, and the Five Eyes Intelligence Sharing Alliance (UK, Australia, Canada, and New Zealand) will also criticize the MSS hack on Monday, according to people familiar with the matter. This is the first time NATO has publicly attributed this type of activity to China.

The United States and its allies will also claim that contract hackers working at MSS are running hacking campaigns for their personal benefit. Some intelligence hackers are performing ransomware operations, officials said. In one case, a hacker targeted an American company and made millions of dollars worth of ransom demands.

The U.S. Department of Justice announced Monday, May, that a federal grand jury charged four Chinese citizens and residents with coordinating a hacking campaign on behalf of MSS targeting victims in the U.S. and abroad between 2011 and 2018.

US intelligence has long observed hackers associated with the Russian or Iranian government working for personal gain. But MSS seems to have added a twist to the usual playbook of hackers who play a dual role, officials said.

“On the Russian side … we sometimes see individuals doing side jobs, and we … see some connections between Russian intelligence and individuals,” officials said. “But … it’s clear that MSS will use criminal contract hackers to perform unauthorized cyber operations globally.”

Contract hackers have long been MSS's bread and butter, according to a mysterious anonymous group known as Intrusion Truth, which publishes its research on a blog aimed at revealing hackers working at MSS through front companies and contracts. Other researchers, including researchers at cybersecurity firm FireEye, have previously said hackers belonging to the Chinese government seem to be focusing on financial hacking operations for their own personal benefit.

The Chinese embassy in the United States did not immediately return a request for comment.

The U.S. government has decided to emphasize China’s role in a series of recent hacks. Russian-speaking cyber criminals and hackers linked to the Russian government have also launched a wave of cyber attacks against American companies in the last few months. The onslaught of attacks left the Biden administration scrambling to thwart Russian hacking campaigns and to ask Russian President Vladimir Putin to punish hackers launching attacks from within the country.

Putin’s response to Biden’s appeal on ransomware hacking has been slow by several measures, and the Kremlin states that it has not received requests from US agencies to call hackers to account. But the administration has been holding Russia’s feet to the fire for the last few months. It expelled 10 Russian diplomats and imposed sanctions on a large number of individuals and businesses following the hacking operation that the US government has stated the Russian Foreign Intelligence Service (SVR) launched against US companies and several federal agencies.

However, if the administration’s response to Russian hacking is swift and somewhat comprehensive, its response to China’s hacking may appear underwhelming.

The approach by Chinese hackers to hack Microsoft Exchange Server was not strategic but indiscriminate and brave, said Allison Nixon, who worked with companies vulnerable to Chinese hacking activities.

Nixon, chief research officer at cybersecurity consulting firm Unit 221B, told The Daily Beast that the hackers didn’t seem to care whether the victim’s machine belonged to a strategic target or a rival country.

According to Nixon, Chinese hackers did not leave vulnerable systems intact, exposing companies to ransomware attacks.

“They attacked all the vulnerable people,” Nixon said. “When this is increasingly damaging the private system and tired people with this constant onslaught, we have to draw a line somewhere.”

Dmitri Alperovitch, former CTO of cybersecurity firm CrowdStrike, which attributed the 2016 Democratic National Convention hack to Russian government hackers, told The Daily Beast that the US government should put more pressure on the Chinese government.

“Given that sanctions have already been used against virtually all other fraudulent cyber nation-states, it is a clear oversight not to use sanctions against China,” said Alperovitch, now executive chairman of Silverado Policy Accelerator. “The administration deserves recognition of the abominable United Nations credit for China’s reckless Microsoft Exchange hacking. The next logical step includes relevant criminal accusations and unprecedented sanctions. I’m looking forward to it. [the People’s Republic of China] Actor of such a violation.”

The Biden administration has not ruled out further pressure on Beijing, government officials said, stating that U.S. officials have contacted senior Chinese officials and warned that their brave hacks would have consequences.

“We do not intend to rule out further actions to make China accountable.” “We also recognize that one action cannot change China’s behavior … expressing concern about both the Microsoft case and China’s widespread malicious cyber activity by senior Chinese government officials. Revealed that behavior threatens security and trust, and the stability of cyberspace.”

Other countries are expected to return to Beijing in the coming days, according to people familiar with the matter.

Beijing could justify the naming and shame of the U.S., EU, and allies, but bringing certain hackers to trial is essential to advancing this type of attack, said Phil Reiner, Chief Executive Officer of the Institute for Security and Technology.

“The Biden administration continues to prioritize working with international partners to implement global rules and norms. This is fresh and welcome. This frustrating and dangerous cyber activity is allowed. Revealing to other national leaders that they will not be done is a powerful tool, but you should wonder if additional actions such as prosecution and sanctions will continue.” “In the case of China, international pressure can be seen as a powerful tool, but the people who carried out these attacks also need to be held accountable.”

For more information, see The Daily Beast.
