• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • SCB YouTube
  • Login
  • Subscribe
  • Logout
  • My Profile
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
    • Webinar Library
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » U.S. Blames China for Microsoft Attack, Details Hacking Tactics

U.S. Blames China for Microsoft Attack, Details Hacking Tactics

Securing Supply Chains
Computer code and text displayed on computer screens. Photo: Bloomberg.
July 19, 2021
Bloomberg

The U.S., U.K. and their allies formally attributed the Microsoft Exchange hack to actors affiliated with the Chinese government and accused Beijing’s leadership of a broad array of “malicious cyber activities,” escalating last week’s tensions between the White House and China.

The group of nations said Monday that the Chinese government has been the mastermind behind a series of malicious ransomware, data theft and cyber-espionage attacks against public and private entities, including the sprawling Microsoft Exchange hack earlier this year.

“The Chinese Government must end this systematic cyber sabotage and can expect to be held accountable if it does not,” U.K. Foreign Secretary Dominic Raab said in a statement.

The White House said that it was joining with European nations to expose the scale of China’s activity and will take steps to counter it. President Joe Biden told reporters at the White House on Monday that the investigation isn’t finished but that the Chinese government bears responsibility.

“My understanding is that the Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it and maybe even accommodating them being able to do it,” Biden said.

The group of nations attributing the attack to China includes Australia, Canada, New Zealand, Japan and NATO, marking the first condemnation by the North American-European alliance on China’s cyber activities, according to a senior Biden administration official.

The Chinese Ministry of Foreign Affairs didn’t immediately reply to a request for comment outside of office hours. China’s Embassy in New Zealand on Tuesday called the allegations “totally groundless and irresponsible” and said it lodged a “solemn representation” with the government in Wellington.

“The Chinese government is a staunch defender of cyber security and firmly opposes and fights all forms of cyber attacks and crimes in accordance with law,” the Chinese statement said. “Given the virtual nature of cyberspace, one must have clear evidence when investigating and identifying cyber-related incidents. Making accusations without proof is malicious smear.”

In March, the Foreign Ministry in Beijing dismissed allegations that China-based government hackers were behind cyberattacks on Microsoft Exchange servers, accusing the company of making “groundless accusations,” and saying that tracing the source of cyberattacks is a “highly sensitive political issue.” China has long insisted that it is not a perpetrator but a victim of cyberattacks.

Monday’s announcement will add to the range of issues — including economic, military and political — the U.S. and China have been at odds over. It also marks yet another instance of the Biden administration rallying U.S. allies to issue coordinated statements condemning China.

The European Union’s foreign policy chief, Josep Borrell, said that the cyberattack was conducted from China and “resulted in security risks and significant economic loss for our government institutions and private companies.” The activities were linked to the hacker groups Advanced Persistent Threat 40 and Advanced Persistent Threat 31, according to an EU statement on Monday.

The U.S. also charged four Chinese nationals affiliated with the Ministry of State Security with a campaign to hack into computer systems of dozens of companies, universities and government entities in the U.S. and abroad between 2011 and 2018. The indictment, which was unsealed Monday, alleges that the hackers targeted, among other things, Ebola vaccine research.

Earlier, U.S. Secretary of State Antony Blinken said in a statement that “responsible states” don’t harbor cyber criminals.

“These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments and cybersecurity mitigation efforts, all while the MSS had them on its payroll,” Blinken said, referring to China’s Ministry of State Security.

With the report Monday, the U.S. aimed to show how China’s Ministry of State Security uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for its own personal profit.

“In some cases, we are aware that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars,” the White House said in a fact sheet.

50 Tactics

As part of the announcement, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation detailed more than 50 tactics Chinese state-sponsored cyber hackers used when targeting U.S. and allied networks, including spearphishing emails with malicious attachments, exploitation of public-facing applications and drive-by compromise.

The agencies also provided advice and technical mitigations to confront threats, such as installing patches to protect against system vulnerabilities, strengthening login and password requirements and storing critical information on air-gapped systems.

Microsoft Corp. welcomed the global effort to attribute the attacks and called for future accountability.

“Attributions like these will help the international community ensure those behind indiscriminate attacks are held accountable,” said Tom Burt, corporate vice president, Customer Security & Trust. “Transparency is critical if we’re to combat the rising cyberattacks we see across the planet against individuals, organizations and nations.”

‘High Degree of Confidence’

Microsoft has previously attributed the hack to Chinese actors the software giant called Hafnium. The U.S.’s assessment appears to support Microsoft’s conclusions, attributing the hack to MSS-affiliated actors with “a high degree of confidence,” according to the fact sheet.

The attack against Microsoft’s Exchange email servers exploded over the course of two weeks between late February and early March. Microsoft first released software patches on March 2 to fix the critical vulnerabilities exploited in the hack. The attack exposed tens of thousands of victim email systems, including those of health-care facilities, manufacturers, energy companies and state and local governments.

Most ransomware attacks had previously been attributed to Eastern European and North Korean operators. Now the U.S. is accusing the Chinese government of not only leading malicious cyber operations, but also of hiring mercenaries, according to the Biden administration official. The claim accuses China of not only sponsoring espionage, but also supporting and possibly endorsing the work of cyber criminals executing these attacks.

Due to the breadth of victims around the world, the formal attribution came only after the U.S. had attained a high confidence level on the source of the hack, and the announcement could be made in concert with allies, the official added.

RELATED CONTENT

RELATED VIDEOS

Data Management (Big Data/IoT/Blockchain) Technology Supply Chain Security & Risk Mgmt High-Tech/Electronics
  • Related Articles

    China’s Microsoft Hack, Russia’s SolarWinds Attack Threaten to Overwhelm U.S.

    Hackers Used Obscure Texas IT Vendor to Attack U.S. Agencies, Top Corporations

    iPhone Chipmaker Blames WannaCry Variant for Plant Closures

Bloomberg

BioNTech Expands German Plant as Scholz Vows to Help Pharma

More from this author

Subscribe to our Daily Newsletter!

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • DOCUMENTS BEARING THE INSIGNIA OF US CUSTOMS AND BORDER PROTECTION LIE ON A TABLE

    New CBP Regs Call for Greater Diligence by Brokers in Reporting Security Breaches

    Freight Forwarding/Customs Brokerage
  • A WORKER IN A WAREHOUSE, SUPERIMPOSED WITH GRAPHICS SHOWING SUPPLY NETWORK

    Enabling Intelligent Visibility With Supply Chain Analytics

    Data Management (Big Data/IoT/Blockchain)
  • A HAND TURNS A LARGE, LIGHTED DIAL WITH THE WORD RISK ON IT iStock-NicoElNino-1364371014.jpg

    Measuring KPIs and KRIs for Comprehensive Supplier Performance Management

    Technology
  • GSCMS-Promo.png

    Watch: Introducing the Global Supply Chain Marketing Summit

    Education & Professional Development
  • A COMPLEX SERIES OF ROADWAYS AND RAMPS, SEEN FROM HIGH ABOVE, IS PARTLY SHROUDED BY CLOUD

    Supply Chain Visibility Isn’t Just a Catchphrase; It’s an Imperative

    Logistics

Digital Edition

Scb nov 2022 sm

2022 Supply Chain Innovator of the Year

VIEW THE LATEST ISSUE

Case Studies

  • New Revenue for Cloud-Based TMS that Embeds Orderful’s Modern EDI Platform

  • Convenience Store Client Maximizes Profit and Improves Customer Service

  • A Digitally Native Footwear Brand Finds Rapid Fulfillment

  • Expanding Apparel Brand Scales Seamlessly with E-Commerce Technology

  • How a Global LSP Scaled its Security Program and Won More Business

Visit Our Sponsors

Orderful Yang Ming Alithya
Barcoding Blue Yonder BNSF Logistics
CoEnterprise Data Capture Deposco
E2open GAINSystems Generix
Geodis GEP GreyOrange
Here Honeywell Intelligrated IFM
Infor Inmar Keelvar
Kinaxis Korber Lean Solutions Group 2H
Liberty SBF Locus Robotics Logility
LogistiVIEW Lucas Systems MCA Connect
MPO Nvidia Old Dominion
OpenText ORTEC Overhaul
Parsyl PMMI QIMA
Redwood Logistics Ryder E-commerce by Whiplash Saddle Creek Logistics
Schneider Dedicated Setlog Holding AG Ship4WD
Shipwell Tecsys TGW Systems
Thomson Reuters Tive Trailer Bridge
Vecna Robotics Verity
Verusen
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing