UK and chums call out Chinese Ministry of State Security for Hafnium Microsoft Exchange Server attacks
The Microsoft Exchange Server attacks earlier this year were "systemic cyber sabotage" carried out by Chinese state hacking crews including private contractors working for a spy agency, the British government has said.
Foreign Secretary Dominic Raab said this morning in a statement: "The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not."
The US Department of Justice charged four Chinese men [PDF, 28MB] with operating a front company in Hainan Province, southern China, for carrying out the Exchange Server attacks.
When the Exchange Server campaign came to light in March, Microsoft attributed the zero-day exploitations to "a state-sponsored threat actor" that was "based in China."
The Exchange Server zero-days were also used to spread ransomware, and it is not clear from today's announcements whether the UK and US are explicitly blaming China's government for that as well.
Although Microsoft's security staff nicknamed the Exchange Server attackers Hafnium, they are publicly tracked as APT31 and APT40.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/07/19/hafnium_china_state_security/