The US, NATO and the EU blame China for cyberattacks on Microsoft Exchange servers


WASHINGTON – A new joint effort by NATO member states, the European Union, Australia, New Zealand and Japan comes together to address the global threat posed by government sponsored Chinese cyberattacks.

In their first action on Monday, the countries will publicly blame the Chinese Ministry of State Security for a massive cyberattack on Microsoft Exchange email servers earlier this year.

The attack was carried out by criminal contract hackers who work for the MSS and also engage in cyber extortion, crypto jacking and ransomware, the official said.

In this illustration photo taken on July 12, 2017, computer code can be seen on a screen over a Chinese flag.

Thomas White | Reuters

The group will share information on cyber threats and work together on network defense and security, said a senior Biden government official who requested anonymity to speak about national security efforts.

Also on Monday, the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency released a new advisory listing 50 tactics, techniques, and procedures that Chinese government-sponsored hackers are using.

The brazen attack on the Microsoft Exchange server became public in March and is believed to have hit at least 30,000 American organizations and hundreds of thousands more worldwide.

Microsoft quickly identified the group behind the hack as a relatively unknown Chinese spy network called Hafnium.

So far, the US has stopped holding Beijing publicly responsible for the attack.

The delay in naming China was partly due to giving investigators time to gather the evidence to prove the hafnium hackers were on China’s state payroll, the official said.

It is also important for the United States to work with its allies on public attribution, the official said.

At a time when cyber warfare is becoming the front line in a global power struggle between democracies and autocratic states, the new cybersecurity alliance could become a model for future efforts to counter transnational threats.

Monday’s joint announcements build on President Joe Biden’s efforts earlier this summer to garner support from NATO and EU allies for a more confrontational approach to China.

They also come amid a rising number of economic and diplomatic sanctions imposed on Beijing by the Biden government earlier this year in response to alleged human rights abuses in Hong Kong and Xinjiang Province.

On Friday, the United States sanctioned seven Chinese officials in response to Beijing’s crackdown on Hong Kong’s democratic institutions.

The US has also issued a corporate advisory service warning US companies of possible privacy and privacy violations by the Chinese government if they continue to do business in Hong Kong.

In response, a Chinese State Department spokesman accused the United States of “meddling” in its internal affairs.

Currently, multinational cybersecurity efforts are focused on cooperative security and threat alerts rather than retaliation.

The White House raised the Microsoft attacks with senior members of the Chinese government and “made it clear that the [People’s Republic of China] Actions threaten security, confidence and stability in cyberspace, “said the senior official.

But Beijing’s economic power around the world makes it extremely difficult for any group of countries to agree on specific measures against China.

“We are not ruling out further measures” [China] responsible, “said the senior official,” but we are also aware that no single measure can change the behavior of the PRC, and no country can act alone. That’s why we really focused in the beginning on taking other countries with us. “