UK accuses China of state-backed ‘cyber sabotage’

Technology Stock (PA Archive)
13:37pm, Mon 19 Jul 2021
CBAD8A00-D2B9-4E0E-ADDF-D0366C357A34 Created with sketchtool. E9A4AA46-7DC3-48B8-9CE2-D75274FB8967 Created with sketchtool. 65CCAE04-4748-4D0F-8696-A91D8EB3E7DC Created with sketchtool.

The UK has accused the Chinese government of being behind “systematic cyber sabotage” following a hacking attack which affected a quarter of a million servers around the world.

The attacks, which took place in early 2021, targeted Microsoft Exchange servers.

Officials said the attack was highly likely to enable “large-scale espionage”, including acquiring personal information and intellectual property.

The Chinese Government must end this systematic cyber sabotage and can expect to be held account if it does not

Foreign Secretary Dominic Raab said the cyber attack by “Chinese state-backed groups” was part of a “reckless but familiar pattern of behaviour”.

“The Chinese Government must end this systematic cyber sabotage and can expect to be held account if it does not,” he said.

Officials said that at the time of the attack, the UK quickly provided advice and recommended actions to those affected and Microsoft said that by end of March, 92% of customers had patched against the vulnerability.

A group known as Hafnium compromised Microsoft Exchange, allowing it further access into the IT networks of victims, with at least 30,000 organisations around the world confirmed to have been hit.

This kind of behaviour is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it

Officials said the National Cyber Security Centre (NCSC) is “almost certain” that the compromise was initiated and exploited by a Chinese state-backed actor and it is “highly likely” that Hafnium is associated with the Chinese state.

NCSC director of operations Paul Chichester said: “The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace.

“This kind of behaviour is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it.”

The UK is also attributing the Chinese ministry of state security (MSS) as being behind activity known by cyber security experts as “APT40” and “APT31”.

The APT40 group has been blamed for activities including targeting maritime industries and naval defence contractors.

APT31 has been accused of targeting government entities, including the Finnish parliament, and political figures.

Foreign Affairs Committee chairman Tom Tugendhat told the PA news agency: “The Chinese state’s continued use of cyberattacks is deeply concerning.

“We should be particularly alarmed by the NCSC’s judgment that it is ‘almost certain’ that the Chinese MSS was behind the attack on Finland’s parliament in 2020.

“Today highlights the need for us to ensure we are working with our allies to build resilience and protect our openness in the face of irresponsible state actors.”

He added: “This is an appalling demonstration of the reality of the kind of relationship Beijing is seeking.

“Win-win in Beijing means winning openly and, if not, trying to steal a victory.”

Joe Biden’s White House also blamed the Chinese state for being behind the cyber attacks.

A statement from the US Government said China’s “pattern of irresponsible behaviour in cyberspace is inconsistent with its stated objective of being seen as a responsible leader in the world”.

The European Union joined the UK in blaming the attacks on hackers based in China although it did not explicitly link them to the Chinese state.

EU high representative Josep Borrell said: “The compromise and exploitation of the Microsoft Exchange server undermined the security and integrity of thousands of computers and networks worldwide, including in the member states and EU institutions.

“It allowed access to a significant number of hackers that have continued to exploit the compromise to date.

“This irresponsible and harmful behaviour resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spill-over and systemic effects for our security, economy and society at large.”

A Nato statement said the alliance “is determined to employ the full range of capabilities, as applicable, at all times to actively deter, defend against and counter the full spectrum of cyber threats, in accordance with international law”.

Microsoft’s corporate vice president Tom Burt said: “Attributions like these will help the international community ensure those behind indiscriminate attacks are held accountable.

“Governments involved in this attribution have taken an important and positive step that will contribute to our collective security.

“Transparency is critical if we’re to combat the rising cyberattacks we see across the planet against individuals, organisations and nations.”.

Sign up to our newsletter