US government attributes Microsoft Exchange hack to China

The US government has formally attributed the Microsoft Exchange hack to China.

It has released an indictment that identifies four APT40 operators as working with China’s Ministry of State Security.

In response to this move, Ben Read, Director of Analysis, Mandiant Threat Intelligence, said: “The statements by multiple governments naming the People’s Republic of China as responsible for the widespread exploitation of Microsoft Exchange servers in the spring is consistent with Mandiant’s previous findings.

“The links between APT40 to China’s Ministry of State Security operating out of Hainan Island is also consistent with technical evidence that Mandiant has previously identified showing that operators were likely located there.

“The indictment highlights the significant threat to multiple businesses from Chinese espionage. The group’s focus on biomedical research shows that emerging technologies are still a key target for Chinese espionage. Alongside that, the theft of negotiating strategies underscores the risk posed to all companies doing business with China, not just those with high value intellectual property.

“APT40 and APT31 are only two of the many groups operating in support of the People’s Republic of China and we expect these groups to continue to pose a threat to government and private sectors around the world.”

In addition to the US, the UK and EU also called out China for the attack.

Jamie Collier, Cyberthreat Intelligence Consultant at Mandiant, said: “In Europe, the attribution of these state-sponsored cyberattacks has typically been in regard to historical operations.

“However, this attribution statement suggests that European nations are not only becoming more assertive in calling out cyber operations but are also willing to do this with greater urgency, in a shorter time frame.

“By calling out specific forms of cyber activity, the EU has clarified its red lines and crucially, distinguished them from what might be considered traditional forms of espionage. This expansion of the EU’s cyber diplomacy toolbox is encouraging and shows an appetite to engage more assertively going forward.

“The UK’s involvement in this operation, alongside the EU and other international partners, is indicative of its prioritization of cyber diplomacy and an understanding that engaging in coalitions of this kind increases the legitimacy of accusations on the world stage. 

“Ultimately, as more states commit to sanctions or attribution statements, it becomes easier for additional states to join in with the political costs reduced. As recent UK strategy statements would suggest, the UK is seeking to establish itself as a leading voice on international cyber activity and I suspect there will be many more joint statements to come.”
