The UK, the US and the European Union (EU) on Monday accused Chinese state-backed actors of hacking more than 250,000 computer networks around the world via Microsoft Exchange servers.
Britain said it was joining like-minded partners to confirm that the Chinese state-backed actors were “responsible for gaining access to computer networks around the world”.
The UK Foreign Office said in a statement: “The attacks took place in early 2021, affecting over a quarter of a million servers worldwide.”
Britain also said China’s ministry of state security (MSS), the civilian intelligence agency, was behind hacker groups known to cyber security experts as Advanced Persistent Threat 40 (APT40) and Advanced Persistent Threat 31 (APT31).
Both APT40 and APT31 have been described by experts as actors backed by or having a nexus with the Chinese state that specialise in targeting crucial technologies or intellectual property theft.
The EU said in a statement that the targeting of Microsoft Exchange servers undermined the security of thousands of networks worldwide, including in member states and EU institutions. “It allowed access to a significant number of hackers that have continued to exploit the compromise to date,” the statement added.
The EU further said it detected malicious cyber activities linked to APT40 and APT31 that were “conducted from the territory of China” and targeted government institutions and political organisations in member states and key European industries for intellectual property theft and espionage.
US secretary of state Antony Blinken said that “countries around the world are holding the People’s Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilising behaviour in cyberspace”. The MSS, he added, has “fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain”.
Blinken said the US and its partners had “formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation”.
“As evidenced by the indictment of three MSS officers and one of their contract hackers unsealed by the Department of Justice [on Monday], the US will impose consequences on PRC malicious cyber actors for their irresponsible behaviour in cyberspace,” Blinken added.
UK foreign secretary Dominic Raab described the cyber attacks by Chinese state-backed groups as a “reckless but familiar pattern of behaviour”. He added, “The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not.”
The attack was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property, the Foreign Office said.
At the time of the attack, the UK provided advice and recommended actions to those affected, and Microsoft said that 92% of customers had patched against the vulnerability by the end of March.
“The Chinese government has ignored repeated calls to end its reckless campaign, instead allowing its state-backed actors to increase the scale of their attacks and act recklessly when caught,” the Foreign Office statement said.
The UK said its coordinated action with partners is part of the world community’s efforts to “urge the Chinese government to take responsibility for its actions and respect the democratic institutions, personal data and commercial interests of those with whom it seeks to partner”.
“The UK is calling on China to reaffirm the commitment made to the UK in 2015 and as part of the G20 not to conduct or support cyber-enabled theft of intellectual property of trade secrets,” it added.
The UK’s National Cyber Security Centre (NCSC) issued specific advice to more than 70 affected organisations in Britain to enable them to mitigate the effects of the hacking.
In 2018, the UK government and its allies revealed that elements of China’s ministry of state security were responsible for one of the most significant and widespread cyber intrusions stealing trade secrets.