UNITED STATES NEWS

Microsoft Exchange hack caused by China, US and allies say

Jul 19, 2021, 6:30 AM | Updated: Jul 20, 2021, 4:29 pm

WASHINGTON (AP) — The Biden administration and Western allies formally blamed China on Monday for a massive hack of Microsoft Exchange email server software and asserted that criminal hackers associated with the Chinese government have carried out ransomware and other illicit cyber operations.

The announcements, though not accompanied by sanctions against the Chinese government, were intended as a forceful condemnation of activities a senior Biden administration official described as part of a “pattern of irresponsible behavior in cyberspace.” They highlighted the ongoing threat from Chinese hackers even as the administration remains consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure.

The broad range of cyberthreats from Beijing disclosed on Monday included a ransomware attack from government-affiliated hackers that targeted victims — including in the U.S. — with demands for millions of dollars. U.S officials also alleged that criminal contract hackers associated with China’s Ministry of State Security have engaged in cyber extortion schemes and theft for their own profit.

Meanwhile, the Justice Department on Monday announced charges against four Chinese nationals who prosecutors said were working with the MSS in a hacking campaign that targeted dozens of computer systems, including companies, universities and government entities. The defendants are accused of targeting trade secrets and confidential business information, including scientific technologies and infectious-disease research.

Unlike in April, when public finger-pointing of Russian hacking was paired with a raft of sanctions against Moscow, the Biden administration did not announce any actions against Beijing. Nonetheless, a senior administration official who briefed reporters said that the U.S. has confronted senior Chinese officials and that the White House regards the multination shaming as sending an important message, even if no single action can change behavior.

President Joe Biden told reporters “the investigation’s not finished,” and White House press secretary Jen Psaki did not rule out future consequences for China, saying, “This is not the conclusion of our efforts as it relates to cyber activities with China or Russia.”

Even without fresh sanctions, Monday’s actions are likely to exacerbate tensions with China at a delicate time. Just last week, the U.S. issued separate stark warnings against transactions with entities that operate in China’s western Xinjiang region, where China is accused of repressing Uyghur Muslims and other minorities.

The administration also advised American firms of the deteriorating investment and commercial environment in Hong Kong, where China has been cracking down on democratic freedoms it had pledged to respect in the former British colony.

The European Union and Britain were among the allies who called out China. The EU said malicious cyber activities with “significant effects” that targeted government institutions, political organizations and key industries in the bloc’s 27 member states could be linked to Chinese hacking groups. The U.K.’s National Cyber Security Centre said the groups targeted maritime industries and naval defense contractors in the U.S. and Europe and the Finnish parliament.

In a statement, EU foreign policy chief Josep Borrell said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage.”

The Microsoft Exchange cyberattack “by Chinese state-backed groups was a reckless but familiar pattern of behaviour,” U.K. Foreign Secretary Dominic Raab said.

NATO, in its first public condemnation of China for hacking activities, called on Beijing to uphold its international commitments and obligations “and to act responsibly in the international system, including in cyberspace.” The alliance said it was determined to “actively deter, defend against and counter the full spectrum of cyber threats.”

That hackers affiliated with the Ministry of State Security were engaged in ransomware was surprising and concerning to the U.S. government, the senior administration official said. But the attack, in which an unidentified American company received a high-dollar ransom demand, also gave U.S. officials new insight into what the official said was “the kind of aggressive behavior that we’re seeing coming out of China.”

A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, said in a statement that the “U.S. has repeatedly made groundless attacks and malicious smear against China on cybersecurity. Now this is just another old trick, with nothing new in it.” The statement called China “a severe victim of the US cyber theft, eavesdropping and surveillance.”

The majority of the most damaging and high-profile recent ransomware attacks have involved Russian criminal gangs. Though the U.S. has sometimes seen connections between Russian intelligence agencies and individual hackers, the use of criminal contract hackers by the Chinese government “to conduct unsanctioned cyber operations globally is distinct,” the official said.

Dmitri Alperovitch, the former chief technology officer of the cybersecurity firm Crowdstrike, said the announcement makes clear that MSS contractors who for years have worked for the government and conducted operations on its behalf have over time decided — either with the approval or the “blind eye of their bosses” — to “start moonlighting and engaging in other activities that could put money in their pockets.”

The Microsoft Exchange hack that months ago compromised tens of thousands of computers around the world was swiftly attributed to Chinese cyber spies by Microsoft.

An administration official said the government’s attribution to hackers affiliated with the Ministry of State Security took until now in part because of the discovery of the ransomware and for-profit hacking operations and because the administration wanted to pair the announcement with guidance for businesses about tactics that the Chinese have been using.

Given the scope of the attack, Alperovitch said it was “puzzling” that the U.S. did not impose sanctions.

“They certainly deserve it, and at this point, it’s becoming a glaring standout that we have not,” he said.

He added, in a reference to a large Russian cyberespionage operation discovered late last year, “There’s no question that the Exchange hacks have been more reckless, more dangerous and more disruptive than anything the Russians have done in SolarWinds.

___

Associated Press writers Kelvin Chan in London and Matthew Lee and Alexandra Jaffe in Washington contributed to this report.

___

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Lifetime Windows & Doors

United States News

FILE - Shoppers shop at a retail store in Niles, Ill., on Feb. 19, 2022.   U.S. consumer confidence...
Associated Press

US consumers less confident as anxiety over future grows

WASHINGTON (AP) — U.S. consumers were less confident again in June as persistent inflation and rising interest rates have Americans as pessimistic as they’ve been about the future in almost a decade. The Conference Board said Tuesday that its consumer confidence index slipped to 98.7 in June from 103.2 in May, the second straight monthly […]
8 hours ago
Associated Press

Biden arrives in Spain looking to buck up weary NATO allies

MADRID (AP) — President Joe Biden arrived in Spain on Tuesday to meet with fellow leaders of NATO with plans to beef up the American presence in Europe at a moment of growing concern about the alliance’s resolve in the face of the grinding war in Ukraine. White House national security adviser Jake Sullivan said […]
8 hours ago
The Nirvana, a sleek 88-meter-long superyacht worth about $300 million, owned by Vladimir Potanin, ...
Associated Press

Yacht of wealthiest Russian oligarch docked in haven Dubai

DUBAI, United Arab Emirates (AP) — The man considered to be the wealthiest oligarch in Russia, who has been photographed playing ice hockey with President Vladimir Putin, joins a growing list of those transferring — or, sailing — their prized assets to Dubai as the West tightens its massive sanctions program on Russia’s economy. Vladimir […]
8 hours ago
Food is seen during Bonnaroots, a four course meal that benefits global organizations for hunger, a...
Associated Press

Bonnaroo, a leader in green fests, faces climate change risk

MANCHESTER, Tenn. (AP) — Since its debut on a rural Tennessee farm two decades ago, the Bonnaroo Music and Arts Festival strived to be one of the country’s greenest music festivals, investing in recycling, composting, solar energy and other improvements. But last August Tennessee received the highest 24-hour rainfall ever recorded in a non-coastal state, […]
8 hours ago
FILE - This screen shot from video, shows former Michigan Gov. Rick Snyder, during his Zoom hearing...
Associated Press

Charges spiked against ex-governor, 8 others in Flint water

DETROIT (AP) — A judge had no authority to issue indictments in the Flint water scandal, the Michigan Supreme Court said Tuesday in an extraordinary decision that wipes out charges against former Gov. Rick Snyder, his health director and seven other people. It’s an astonishing defeat for Attorney General Dana Nessel, who took office in […]
8 hours ago
A visitor examines exhibits in the permanent collection of the American Folk Art Museum in January ...
Associated Press

Folk Art Museum offers donors naming rights to CEO’s title

NEW YORK (AP) — The American Folk Art Museum, unlike many other arts institutions, managed to avoid layoffs and other cutbacks in the two years after the pandemic through a mix of fundraisers and increased donor contributions. On Tuesday, the museum plans to announce its largest and most unusual recent gift — a $5 million […]
8 hours ago

Sponsored Articles

...
Carla Berg, MHS, Deputy Director, Public Health Services, Arizona Department of Health Services

Vaccines are safe if you are pregnant or breastfeeding

Are you pregnant? Do you have a friend or loved one who’s expecting?
...
Christina O’Haver

BE FAST to spot a stroke

Every 40 seconds—that’s how often someone has a stroke in the United States. It’s the fifth leading cause of death among Americans, with someone dying of a stroke every 3.5 minutes.
...
Carla Berg, MHS, Deputy Director, Public Health Services, Arizona Department of Health Services

ADHS mobile program brings COVID-19 vaccines and boosters to Arizonans

The Arizona Department of Health Services and partner agencies are providing even more widespread availability by making COVID-19 vaccines available in neighborhoods through trusted community partners.
Microsoft Exchange hack caused by China, US and allies say