Joining allies from around the world, including every member nation of NATO, the United States formally accused China of hacking Microsoft. The accusation includes details about Chinese-backed criminal hacking organizations tasked with targeting companies, organizations and governments worldwide.
It is the first time the United States has accused China of sponsoring attacks on U.S. targets; the list of affected entities includes government agencies as well as a large number of companies, both private and public. It is also the first time NATO members have told China to knock it off.
Unlike the SolarWinds attack attributed to Russian-backed threat actors, the United States did not indicate there would be any retaliatory economic measures.
Included in the formal accusation was a statement from Secretary of State Antony J. Blinken, who decried China’s Ministry of State Security’s “ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.” NATO members have been historically reticent about chastising China, a major trading partner, but they too asked China to desist: “We call on all states, including China, to uphold their international commitments and obligations and to act responsibly in the international system, including in cyberspace.”
The attack against Microsoft targeted an estimated 30,000 users of Microsoft Exchange Server email software. According to Brian Krebs, it was a complex operation carried out by a Chinese cyber espionage unit. The threat actors have since been identified, and are without question connected to the Chinese government’s hacking activity.
The hack made it possible for China to take complete remote control of systems worldwide. While the majority of the hacking activity occurred over a span of days and targeted any system running an unpatched version of Microsoft Exchange, the vulnerability continues to be exploited in unpatched environments.
In an unusual move, the FBI obtained a court order that allowed them to hack into unpatched systems and remove code left by the Chinese hackers to protect against possible follow-up attacks. This is the first time U.S. law enforcement has conducted preventative operations in the middle of an active investigation.