The Chinese government is behind a recent series of cyberattacks on Microsoft Exchange Server, the White House confirmed today.
“[We are] attributing with a high degree of confidence that malicious cyber actors affiliated with the [People’s Republic of China’s (PRC) Ministry of State Security (MSS)] conducted cyber espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021,” the White House says.
The software had been under attack since at least January 2021, with hackers exploiting four vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 to access email accounts and install malware. In March, Microsoft said Chinese state-sponsored group Hafnium, which was found stealing information from US targets, was behind the attacks. Reports later suggested at least 10 different hacking groups were exploiting the Microsoft Exchange Server flaws.
By late March, Microsoft updated its Defender Antivirus software to address the most severe vulnerability. “Before Microsoft released its security updates, MSS-affiliated cyber operators exploited these vulnerabilities to compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims,” the White House says.
Victims include the email system for Norway’s parliament; Foreign Minister Ine Eriksen Soereide today placed the blame on China, Reuters reports.
The US was joined by several allies in today’s announcement. The UK’s National Cyber Security Center (NCSC) also points the finger at Hafnium, claiming the attack on Microsoft’s Exchange Server was “highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property.”
“It is the most significant and widespread cyber intrusion against the UK and allies uncovered to date,” according to the NCSC, which also attributed attacks on maritime industries, naval defense contractors, and government entities to the MSS.
The European Council today “strongly” denounced the malicious activities and urged Chinese authorities to “take all appropriate measures and reasonably available and feasible steps to detect, investigate, and address the situation.”
Separately, the Department of Justice also unveiled criminal charges against four members of the PRC MSS for attacks on dozens of companies, universities, and government entities in the US and abroad between 2011 and 2018.