US, NATO and EU blame China for cyberattack on Microsoft Exchange servers

WASHINGTON – A new alliance made up of NATO member states, the European Union, Australia, New Zealand and Japan is coming together to tackle the global threat posed by Chinese state-sponsored cyberattacks.

In their first joint action on Monday, the alliance will publicly blame China’s Ministry of State Security for a massive cyberattack on Microsoft Exchange email servers earlier this year.

The attack was carried out by criminal hackers working for the MSS who are also engaged in cyberspace-enabled extortion, cryptojacking and ransomware, the official said.

The group will share intelligence on cyber threats and collaborate on network defenses and security, said a senior Biden administration official who requested anonymity to discuss a national security effort.

Also on Monday, the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency released a new advisory listing 50 tactics, techniques, and procedures employed by Chinese state-sponsored hackers.

The blatant attack on the Microsoft Exchange server was made public in March and is believed to have affected at least 30,000 US organizations and hundreds of thousands more worldwide.

Microsoft was quick to identify the group behind the attack as a relatively unknown Chinese spy ring called Hafnium.

So far, the United States has not publicly blamed Beijing for the attack.

The delay in naming China was in part to give investigators time to gather evidence to show that Hafnium hackers were on the Chinese state payroll, the official said.

It was also important for the United States to act in concert with its allies when it made the public attribution, the official said.

At a time when cyber warfare is becoming the front line in a global power struggle between democracies and autocratic states, the new cybersecurity alliance could become a model for future efforts to confront transnational threats.

Monday’s joint announcements build on President Joe Biden’s effort earlier this summer to rally support among NATO and EU allies for a more confrontational approach to China.

They also come amid a growing number of economic and diplomatic sanctions that the Biden administration has imposed on Beijing this year, in response to alleged human rights abuses in Hong Kong and Xinjiang province.

On Friday, the United States sanctioned seven Chinese officials in response to Beijng’s crackdown on Hong Kong’s democratic institutions.

The United States also issued a trade advisory, warning American companies of potential data and privacy breaches by the Chinese government if they continue to do business in Hong Kong.

In response, a spokesman for China’s Foreign Ministry accused the United States of “meddling” in its internal affairs.

For now, the newly launched cybersecurity alliance focuses on cooperative security and threat alerts, not retaliation.

The White House has raised Microsoft’s attacks on senior members of the Chinese government, “making it clear that the [People’s Republic of China] actions threaten security, trust and stability in cyberspace, ”said the senior official.

But Beijing’s economic power around the world makes it extremely difficult for any group of countries to agree on concrete actions against China.

“We do not rule out more actions to maintain [China] “Responsible,” said the senior official, “but we are also aware that no action can change the behavior of the People’s Republic of China, nor can a country acting on its own. So initially we focused on bringing other countries with us. “

Add Comment