US Allies Attribute Microsoft Exchange Attack to China


US allies, including Australia, have determined that China’s Ministry of State Security exploited vulnerabilities in the Microsoft Exchange software. In a joint statement, Australia claims, “These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain.”

“The Australian Government is also seriously concerned about reports from our international partners that China’s Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese Government.

Australia calls on all countries – including China – to act responsibly in cyberspace. China must adhere to the commitments it has made in the G20, and bilaterally, to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage.”

In a background press call on July 19 (EDT), the White House said: “The United States has long been concerned about the People’s Republic of China’s irresponsible and destabilizing behavior in cyberspace. …the U.S. and our allies and partners are exposing further details of the PRC’s pattern of malicious cyber activities and taking further action to counter it, as it poses a major threat to the U.S. and allies’ economic and national security.

The PRC’s pattern of irresponsible behavior in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world.

…countries around the world are making it clear that concerns regarding the PRC’s malicious cyber activity is bringing them together to call out those activities, promote network defense and cybersecurity, and act to disrupt threats to our economies and national security.”

“We will show how the PRC’s MSS — Ministry of State Security — uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit. Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain. In some cases, we’re aware of reports that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars.

Second, the National Security Agency, Cybersecurity and Infrastructure Security Agency, and Federal Bureau of Investigation — NSA, CISA, and FBI — will expose over 50 tactics, techniques, and procedures Chinese state-sponsored cyber actors used when targeting U.S. and allied networks, along with advice for technical mitigations to confront this threat.

Third, the United States government, alongside our allies and partners, will formally attribute the malicious cyber campaign utilizing the zero-day vulnerabilities in the Microsoft Exchange Server disclosed in March — a number of months ago — to malicious cyber actors affiliated with the MSS with high confidence.

We’ve raised our concerns about both the Microsoft incident and the PRC’s broader malicious cyber activity with senior PRC government officials, making clear that the PRC’s actions threaten security, confidence, and stability in cyberspace.  The U.S. and our allies and partners are not ruling out further actions to hold the PRC accountable.

No one action can change China’s behavior in cyberspace and neither can just one country acting on its own.  Our allies and partners are a tremendous source of strength and a unique American advantage, and our collective approach to cyber threat information sharing, defense.

Hence, these efforts — our cooperation with the EU, NATO, and the Five Eyes countries in this effort — will allow us to enhance and increase information sharing, including cyber threat intel and network defense information with public and private stakeholders, and expand diplomatic engagement to strengthen our collective cyber resilience and security cooperation.”

Further reading: Australia Joins Allies Condemning Chinese State Sponsored Malicious Cyber Activity