China Accused of Cyber-Attack On Microsoft Exchange Servers

The West accuses China of carrying out the major cyber-attack earlier this year.

The UK, US, and EU have accused China of carrying out a major cyber-attack earlier this year. The attack targeted Microsoft Exchange servers, affecting at least 30,000 organizations globally. Western security services believe it signals a shift from a targeted espionage campaign to a smash-and-grab raid, leading to concerns that the Chinese cyber behavior is escalating.

The Chinese Ministry of State Security (MSS) has also been accused of wider espionage activity and a broader pattern of “reckless” behavior. China has previously denied allegations of hacking and says it opposes all forms of cyber-crime.

The unified call-out of Beijing shows the gravity with which this case has been taken. Western intelligence officials say aspects are markedly more serious than anything they have seen before. It all began in January when hackers from a Chinese-linked group known as Hafnium began exploiting a vulnerability in Microsoft Exchange. They used the vulnerability to insert backdoors into systems which they could return to later.

The UK said the attack was likely to enable large-scale espionage, including the acquisition of personal information and intellectual property. It was mainly carried out against specific systems which aligned with Hafnium’s previous targets, such as defense contractors, think tanks, and universities. Western security sources believe Hafnium obtained advanced knowledge that Microsoft intended to patch or close the vulnerability, and so shared it with other China-based groups to maximize the benefit before it became obsolete.