US Government, NATO accuse China of Microsoft Exchange attacks
The Microsoft Exchange hack and many other attacks were caused by gangs working with the Chinese government, the Biden administration and NATO claim.

In March, Microsoft disclosed that Microsoft Exchange Server was the target of attacks, which it believed were conducted by a hacking group in China known as Hafnium. According to the White House and a UK security agency, it appears that the attacks were partly orchestrated by the Chinese government.
On Monday, the Biden administration sent an alert to government bodies and private companies holding China responsible for the attacks, reports the Financial Times. The attacks included thefts and extortion, as well as ransomware instances with demands in the millions of dollars.
Allies of the U.S. around the world have also issued their own warnings, including the UK's National Cyber Security Centre, which is part of the country's main national security agency, GCHQ.
"The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace," said NCSC Director of Operations Paul Chichester. "This kind of behavior is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it."
The NCSC claims the Exchange attacks were "highly likely to enable large-scale espionage," including acquiring information on individuals as well as intellectual property.
A senior administration official said China's "Ministry of State Security uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit. Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking and theft from victims around the world for financial gain."
Alongside the announcement, the U.S. Department of Justice said on Monday that a federal grand jury in San Diego, California, indicted four nationals and residents of the People's Republic of China for hacking computer systems in the United States and abroad between 2011 and 2018. The indictment occurred in May, but was unsealed on Friday.
According to the indictment, the conspiracy's main aim was the theft of intellectual property of "significant economic benefit to China's companies and commercial sectors," including research and development efforts.
The group worked to steal trade secrets and confidential business information across many industries, including submersible and autonomous vehicle technologies, chemical formulas, genetic sequencing technology, and information "to support China's efforts to secure contracts for state-owned enterprises" in other countries.
Each of the four defendants is charged with a count of conspiracy to commit computer fraud and a count of conspiracy to commit economic espionage, which carry maximum prison sentences of 5 years and 15 years respectively.
Comments
I agree with you that holes will be found, exploited and fixed in a game of cat and mouse but I have a suspicion that software design and quality out of the gate just isn't as strong as it should be.
For decades now, essential pieces of the networking puzzle like routers have been seriously lacking in resources. About ten years ago I was working on a project involving worm signatures and one of the biggest problems was there just weren't enough resources available on devices to provide a decent solution without seriously impacting performance.
In other areas, the breakneck speed at which new services are updated on Android and iOS is probably one of the reasons why these kinds of errors get exploited before they are found and fixed.
It's just a sensation, though.
/s
From Reuters:
"While a flurry of statements from Western powers represent a broad alliance, cyber experts said the lack of consequences for China beyond the U.S. indictment was conspicuous. Just a month ago, summit statements by G7 and NATO warned China and said it posed threats to the international order.
Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York, called Monday's announcement a "successful effort to get friends and allies to attribute the action to Beijing, but not very useful without any concrete follow-up."
Some of Monday's statements even seemed to pull their punches. While Washington and its close allies such as the United Kingdom and Canada held the Chinese state directly responsible for the hacking, others were more circumspect.
NATO merely said that its members "acknowledge" the allegations being leveled against Beijing by the U.S., Canada, and the UK. The European Union said it was urging Chinese officials to rein in "malicious cyber activities undertaken from its territory" - a statement that left open the possibility that the Chinese government was itself innocent of directing the espionage."
With the U.S. in full attack mode on China, it puts their allegations / assumptions into question.
Apparently there was a hack and also a release of information to others on how to exploit it. But there does not seem to be a consensus that it was initiated and supported by the Chinese government.
But, regardless, if the hackers were operating independently in China, it is up to China to shut them down -- at least.
Or, as the EU put it:
"The European Union said it was urging Chinese officials to rein in "malicious cyber activities undertaken from its territory""