Microsoft: Chinese authorities slam ‘groundless’ hacking claims
China has slammed “groundless” claims that it carried out a major cyber-attack against tech giant Microsoft.
A group of Western countries had accused China of hacking Microsoft Exchange – a popular email platform used by companies worldwide.
The joint statement accused the Chinese Ministry of State Security (MSS) of undermining global stability and security.
China has always maintained that it opposes all forms of cyber-crime.
On Monday, New Zealand joined the group of countries including the UK, US and Australia in blaming Chinese state-sponsored actors for “malicious cyber activity” in the country, including the Microsoft attack.
The Chinese Embassy in Wellington called the accusations “groundless and irresponsible”.
“The Chinese government is a staunch defender of cyber security,” said a statement published by the embassy in response to a question from reporters.
“Making accusations without [proof] is malicious.”
The Chinese embassy in Australia echoed these remarks, describing Washington as “the world champion of malicious cyber attacks”.
A scaled up attack
The Microsoft hack affected at least 30,000 organisations globally.
The Exchange system powers the email of major corporations, small businesses and public bodies worldwide.
Microsoft blamed a Chinese cyber-espionage group for exploiting a vulnerability in Microsoft Exchange – which allowed hackers to remotely access email inboxes.
The group, known as Hafnium, was found by Microsoft’s Threat Intelligence Centre to be state-sponsored and operating out of China.
Western security sources believe Hafnium obtained advance knowledge that Microsoft intended to patch or close the vulnerability, and so shared it with other China-based groups to maximise the benefit before it became obsolete.
“We believe that cyber-operators working under the control of Chinese intelligence learned about the Microsoft vulnerability in early January, and were racing to exploit the vulnerability before [it] was widely identified in the public domain,” a security source told the BBC.
The hack signalled a shift from a targeted espionage campaign to a smash-and-grab raid, leading to concerns Chinese cyber-behaviour is escalating, according to Western security services.
The UK Foreign Office said the Chinese government had “ignored repeated calls to end its reckless campaign, instead allowing state-backed actors to increase the scale of their attacks and act recklessly when caught”.
The White House said it reserved the right to take additional action against China over its cyber activities.
The US Department of Justice has also announced criminal charges against four MSS hackers which it said were linked to a long-term campaign targeting foreign governments and entities in key sectors in a least a dozen countries. (BBC)
652125 254593Quite good post. I just stumbled upon your blog and wanted to say that Ive truly enjoyed surfing around your blog posts. Following all I will be subscribing to your feed and I hope you write once again very soon! 766899