UK joins likeminded partners to confirm Chinese state-backed actors were responsible for gaining access to computer networks via Microsoft Exchange servers.
The UK is joining likeminded partners to confirm that Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.
The attacks took place in early 2021, affecting over a quarter of a million servers worldwide.
Foreign Secretary Dominic Raab said:
The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour.
The Chinese Government must cease this systematic cyber sabotage and can expect to be held to account if it does not.
The attack was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property. At the time of the attack, the UK quickly provided advice and recommended actions to those affected, and Microsoft said that by the end of March 92% of customers had patched against the vulnerability.
Today the UK is also attributing the Chinese Ministry of State Security as being behind activity known by cyber security experts as “APT40” and “APT31”.
Widespread, credible evidence demonstrates that sustained, irresponsible cyber activity emanating from China continues.
The Chinese government has ignored repeated calls to end its reckless campaign, instead allowing its state-backed actors to increase the scale of their attacks and act recklessly when caught.
This coordinated action today sees the international community once again urge the Chinese government to take responsibility for its actions and respect the democratic institutions, personal data and commercial interests of those with whom it seeks to partner.
The UK is calling on China to reaffirm the commitment made to the UK in 2015 and as part of the G20 not to conduct or support cyber-enabled theft of intellectual property of trade secrets.
Notes to editors
- As part of a cross-Government response, the National Cyber Security Centre (NCSC) issued tailored advice to over 70 affected organisations to enable them successfully to mitigate the effects of the compromise.
- In 2018, the UK government and its allies revealed that parts of the Chinese Ministry of State Security (MSS) were responsible for one of the most significant and widespread cyber intrusions stealing trade secrets. [link]
- The European Union has also made an announcement today [link].
The National Cyber Security Centre has assessed that:
| HAFNIUM | Compromising Microsoft Exchange gave the perpetrator a foothold to pivot further into the IT networks of victims. | NCSC is almost certain that the Microsoft Exchange compromise was initiated and exploited by a Chinese state-backed threat actor. NCSC assesses it highly likely that HAFNIUM is associated with the Chinese state. The attack was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property. |
| APT40, TEMP.Periscope, TEMP.Jumper, Leviathan | Targeting maritime industries and naval defence contractors in the US and Europe. Targeting regional opponents of the Belt and Road Initiative. Targeting multiple Cambodian electoral entities in the run up to the 2018 election. | NCSC assesses it is highly likely that APT40 is linked to the Chinese Ministry of State Security and operates to key Chinese State Intelligence requirements. NCSC assesses that APT40 is highly likely sponsored by the regional MSS security office, the MSS Hainan State Security Department (HSSD). |
| APT31, Judgement Panda, Zirconium, Red Keres | Since 2020 targeting government entities, political figures, contractors and service providers. European countries. Targeting Finnish Parliament in 2020. | NCSC assesses it is almost certain that APT31 is affiliated to the Chinese State and likely that APT31 is a group of contractors working directly for the Chinese Ministry of State Security. |
Published 19 July 2021