UNITED STATES NEWS

Microsoft Exchange hack caused by China, US and allies say

Jul 19, 2021, 6:30 AM | Updated: Jul 20, 2021, 4:29 pm

WASHINGTON (AP) — The Biden administration and Western allies formally blamed China on Monday for a massive hack of Microsoft Exchange email server software and asserted that criminal hackers associated with the Chinese government have carried out ransomware and other illicit cyber operations.

The announcements, though not accompanied by sanctions against the Chinese government, were intended as a forceful condemnation of activities a senior Biden administration official described as part of a “pattern of irresponsible behavior in cyberspace.” They highlighted the ongoing threat from Chinese hackers even as the administration remains consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure.

The broad range of cyberthreats from Beijing disclosed on Monday included a ransomware attack from government-affiliated hackers that targeted victims — including in the U.S. — with demands for millions of dollars. U.S officials also alleged that criminal contract hackers associated with China’s Ministry of State Security have engaged in cyber extortion schemes and theft for their own profit.

Meanwhile, the Justice Department on Monday announced charges against four Chinese nationals who prosecutors said were working with the MSS in a hacking campaign that targeted dozens of computer systems, including companies, universities and government entities. The defendants are accused of targeting trade secrets and confidential business information, including scientific technologies and infectious-disease research.

Unlike in April, when public finger-pointing of Russian hacking was paired with a raft of sanctions against Moscow, the Biden administration did not announce any actions against Beijing. Nonetheless, a senior administration official who briefed reporters said that the U.S. has confronted senior Chinese officials and that the White House regards the multination shaming as sending an important message, even if no single action can change behavior.

President Joe Biden told reporters “the investigation’s not finished,” and White House press secretary Jen Psaki did not rule out future consequences for China, saying, “This is not the conclusion of our efforts as it relates to cyber activities with China or Russia.”

Even without fresh sanctions, Monday’s actions are likely to exacerbate tensions with China at a delicate time. Just last week, the U.S. issued separate stark warnings against transactions with entities that operate in China’s western Xinjiang region, where China is accused of repressing Uyghur Muslims and other minorities.

The administration also advised American firms of the deteriorating investment and commercial environment in Hong Kong, where China has been cracking down on democratic freedoms it had pledged to respect in the former British colony.

The European Union and Britain were among the allies who called out China. The EU said malicious cyber activities with “significant effects” that targeted government institutions, political organizations and key industries in the bloc’s 27 member states could be linked to Chinese hacking groups. The U.K.’s National Cyber Security Centre said the groups targeted maritime industries and naval defense contractors in the U.S. and Europe and the Finnish parliament.

In a statement, EU foreign policy chief Josep Borrell said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage.”

The Microsoft Exchange cyberattack “by Chinese state-backed groups was a reckless but familiar pattern of behaviour,” U.K. Foreign Secretary Dominic Raab said.

NATO, in its first public condemnation of China for hacking activities, called on Beijing to uphold its international commitments and obligations “and to act responsibly in the international system, including in cyberspace.” The alliance said it was determined to “actively deter, defend against and counter the full spectrum of cyber threats.”

That hackers affiliated with the Ministry of State Security were engaged in ransomware was surprising and concerning to the U.S. government, the senior administration official said. But the attack, in which an unidentified American company received a high-dollar ransom demand, also gave U.S. officials new insight into what the official said was “the kind of aggressive behavior that we’re seeing coming out of China.”

A spokesperson for the Chinese Embassy in Washington, Liu Pengyu, said in a statement that the “U.S. has repeatedly made groundless attacks and malicious smear against China on cybersecurity. Now this is just another old trick, with nothing new in it.” The statement called China “a severe victim of the US cyber theft, eavesdropping and surveillance.”

The majority of the most damaging and high-profile recent ransomware attacks have involved Russian criminal gangs. Though the U.S. has sometimes seen connections between Russian intelligence agencies and individual hackers, the use of criminal contract hackers by the Chinese government “to conduct unsanctioned cyber operations globally is distinct,” the official said.

Dmitri Alperovitch, the former chief technology officer of the cybersecurity firm Crowdstrike, said the announcement makes clear that MSS contractors who for years have worked for the government and conducted operations on its behalf have over time decided — either with the approval or the “blind eye of their bosses” — to “start moonlighting and engaging in other activities that could put money in their pockets.”

The Microsoft Exchange hack that months ago compromised tens of thousands of computers around the world was swiftly attributed to Chinese cyber spies by Microsoft.

An administration official said the government’s attribution to hackers affiliated with the Ministry of State Security took until now in part because of the discovery of the ransomware and for-profit hacking operations and because the administration wanted to pair the announcement with guidance for businesses about tactics that the Chinese have been using.

Given the scope of the attack, Alperovitch said it was “puzzling” that the U.S. did not impose sanctions.

“They certainly deserve it, and at this point, it’s becoming a glaring standout that we have not,” he said.

He added, in a reference to a large Russian cyberespionage operation discovered late last year, “There’s no question that the Exchange hacks have been more reckless, more dangerous and more disruptive than anything the Russians have done in SolarWinds.

___

Associated Press writers Kelvin Chan in London and Matthew Lee and Alexandra Jaffe in Washington contributed to this report.

___

Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Lifetime Windows & Doors

United States News

This image released by Netflix shows a scene from the limited series "The G Word with Adam Conover....
Associated Press

Adam Conover’s ‘G Word’ is funny crash course in government

LOS ANGELES (AP) — Adam Conover is certain that laughing and thinking at the same time is both possible and downright synergistic. He tested the approach in “Adam Ruins Everything,” in which he punctured conventional wisdom on matters ranging from charity to jaywalking. He’s back with “The G Word” — that’s “G” for government — […]
13 hours ago
Associated Press

Republicans kept off Michigan ballot turn to the courts

DETROIT (AP) — Business owner Perry Johnson filed a lawsuit Friday to try to get on Michigan’s August primary ballot, the first of many likely legal challenges after five Republican candidates for governor were barred because of too few valid petition signatures. Johnson asked the state Court of Appeals to intervene and order the Board […]
13 hours ago
California brown pelicans fly off Thornehill Broome Beach near Point Mugu, Calif., on May 16, 2021....
Associated Press

California investigating sick and dying brown pelicans

LOS ANGELES (AP) — Wildlife authorities are trying to determine why large numbers of California brown pelicans are being found sick and dying. Hundreds of the pelicans, which are a protected species in the state, have been admitted to wildlife rehabilitation facilities in Southern and Central California since about May 13, the California Department of […]
13 hours ago
Fulton County District Attorney Fani Willis, right, talks with a member of her team during proceedi...
Associated Press

Trump election probe grand jury to hear from Raffensperger

ATLANTA (AP) — Georgia’s secretary of state is expected to appear next week before a special grand jury in an investigation into whether former President Donald Trump and others illegally tried to meddle in the 2020 election in the state. Secretary of State Brad Raffensperger has been summoned to appear before the special grand jury […]
13 hours ago
The Caesars Sportbook Lounge at the Indianapolis Motor Speedway is shown during the final practice ...
Associated Press

Yard of Picks: Indy boosts gambling ties with sports lounge

INDIANAPOLIS (AP) — Alex Kertis browsed a list of Indianapolis 500 favorites — call it, a yard of picks — on his phone and the potential bettor found his choice. The Indy resident just needed to brush up on Alex Palou before he tapped the screen. “I don’t bet IndyCar all the time,” he said […]
13 hours ago
Associated Press

Montana schools chief cited in case of illegal bus passing

HELENA, Mont. (AP) — Montana’s top schools administrator has been cited in the case of a pickup truck that illegally passed a school bus while it was stopped to pick up students in a residential subdivision last week. Superintendent of Public Instruction Elsie Arntzen was cited on Thursday after speaking with an officer, said Helena […]
13 hours ago

Sponsored Articles

...
Carla Berg, MHS, Deputy Director, Public Health Services, Arizona Department of Health Services

Update your child’s vaccines before kindergarten

So, your little one starts kindergarten soon. How exciting! You still have a few months before the school year starts, so now’s the time to make sure students-to-be have the vaccines needed to stay safe as they head into a new chapter of life.
...
Christina O’Haver

Stroke month: Experts call attention to stroke prevention

Every 40 seconds—that’s how often someone has a stroke in the United States. It’s the fifth leading cause of death among Americans, with someone dying of a stroke every 3.5 minutes.
...
By Dr. Richard Carmona

Now’s a great time to receive your COVID-19 vaccine

If you haven’t received a COVID-19 vaccine yet, now’s the time to join many other of your fellow Arizonans who are doing so right now. No one will criticize you; there is no shame. In fact, you’ll be welcomed with smiles and open arms!
Microsoft Exchange hack caused by China, US and allies say