Western Powers Denounce Chinese State-Backed Hackers

Published: 22 July 2021


The cyberattack on Microsoft, which began on February 28, took advantage of four previously undetected weaknesses in Microsoft’s Exchange software, allowing the hacker group to process emails and calendars until Microsoft released emergency updates a few days later. (Photo: Mike Mozart, Flickr, License)

By Emily Tian

China denied on Tuesday allegations made by Western powers that Chinese state-backed actors were orchestrating malicious cyber activity, including cyber attacks such as the one against Microsoft that took place in early 2021 and affected a quarter of a million servers worldwide.

The United States, European Union, the United Kingdom, and North Atlantic Treaty Organization (NATO) slammed China for repeatedly backing such cyber attacks.

However, Zhao Lijian, spokesperson for the Ministry of Foreign Affairs of the People's Republic of China, rejected the allegations on Tuesday, describing them as “groundless” and serving “political purposes.”

The cyberattack on Microsoft, which began on February 28, took advantage of four previously undetected weaknesses in Microsoft’s Exchange software, allowing the hacker group to process emails and calendars until Microsoft released emergency updates a few days later.

According to a U.K. government press release, the attack was likely to enable widespread espionage and identity and intellectual property theft. Microsoft said that by the end of March, 92% of its customers were protected against the risk of attack.

It’s not just the Microsoft attack that drew such strong collective condemnation.

U.K. Foreign Secretary Dominic Raab called the Microsoft cyberattack a “reckless but familiar pattern of behaviour.”

The White House said in a statement on Monday that China “has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit.”

Hackers with a history of working for China’s Ministry of State Security have been involved in ransomware attacks, extortion, crypto-jacking, and theft for financial gain, the statement said.

The Council of the European Union linked malicious cyber activities targeting government institutions in the EU and its member states to hacker groups known as Advanced Persistent Threat (APT) 40 and Advanced Persistent Threat 31. APT groups are supported by countries and often try to pursue their objectives over longer stretches of time compared to other attackers.

A cybersecurity advisory released by the U.S. National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI), which shares technical details on tactics used by Chinese state-sponsored cybercriminals, called the Chinese government’s state-sponsored cyber activity “increasingly sophisticated” and a “major threat” to the U.S. and its allies.

The U.S. Department of Justice also announced on Monday criminal charges against four hackers connected to the Hainan State Security Department in China for hacking into the servers of dozens of companies, universities and governments in the U.S. and abroad between 2011 and 2018.

The federal jury indictment, unsealed last Friday, alleges that the defendants — Ding Xiaoyang, Cheng Qingmin, Zhu Yunmin, and Wu Shurong — conspired to steal trade secrets and obtain infectious disease research and other confidential business information, in order to economically benefit China.

The campaign allegedly targeted victims in the U.S., Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom, reaching various sectors, including aviation, defense, education, government, health care, biopharmaceutical and maritime.