
US and allies accuse Chinese government of masterminding Microsoft Exchange cyberattack



The US, EU, UK, and NATO are accusing China of sponsoring cybercrime


Illustration by Alex Castro / The Verge

The United States and key allies have accused the Chinese government for the first time of hiring gangs of hackers to carry out cyberattacks in the West. Attacks attributed to China include the recent Microsoft Exchange hack, a significant and widespread breach that gave attackers access to the email servers of an estimated 30,000 organizations in the US alone.

The Microsoft Exchange attack was initially blamed on Hafnium, a hacking group sponsored by the Chinese state. A senior official in the White House told reporters in a briefing at the weekend that the US government had “high confidence” that the Exchange hackers were being paid by the Chinese government.


“[China’s] MSS — Ministry of State Security — uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit,” said the official. “Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking and theft from victims around the world for financial gain.”

The accusation against China was made by the US, EU, UK, Australia, Canada, New Zealand, Japan, and NATO, reports Bloomberg News.

In a press statement, the European Union said these and other attacks were linked to hacking groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31 (these labels are used by cybersecurity professionals to track the activity of known organizations). The UK’s National Cyber Security Centre (NCSC) said that the APT40 group had targeted “maritime industries and naval defence contractors in the US and Europe” while APT30 had attacked “government entities, including the Finnish parliament in 2020.”

“The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace,” said NCSC Director of Operations Paul Chichester in a press statement. “This kind of behaviour is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it.”

Cyberattacks and ransomware incidents have been on the rise in recent years, with gangs of hackers apparently targeting larger organizations. This year alone, hackers have targeted America’s largest meat supplier and a key oil pipeline, though in both cases the groups responsible are thought to be based in Eastern Europe, and most likely Russia.

Russia was also blamed for 2020’s SolarWinds hack, which breached a number of US federal government entities, and to which the US responded with new economic sanctions.

However, today’s announcement includes no similar sanctions against China for its role in the Microsoft Exchange attack (though these could follow). “The US and our allies and partners are not ruling out further actions to hold the PRC accountable,” said a senior White House official during a briefing. The US Department of Justice did, though, announce criminal charges against four hackers sponsored by China’s MSS for “a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare in at least a dozen countries.”

The most notable aspect of today’s accusation is instead the broad coalition of countries that are publicly condemning China. It is also the first time the military alliance NATO has formally accused the country of organizing cyberattacks.
