Mon | Jul 19, 2021 | 1:17 PM PDT

In March of this year, zero-day vulnerabilities in Microsoft Exchange Server were exploited, compromising thousands of computers and networks around the world.

Microsoft previously attributed the attack to cybercriminal group Hafnium, a China-based espionage network, but there is now solid proof of who was behind the attack.

The United States, European Union, United Kingdom, and NATO are all publicly blaming the People's Republic of China (PRC) for the Microsoft Exchange Server attack, as well as other malicious cyber activity.

Western nations detail Chinese massive cyber campaign

In a statement from The White House, the current cyber situation with China is addressed.

"The United States is deeply concerned that the PRC has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit.

As detailed in public charging documents unsealed in October 2018 and July and September 2020, hackers with a history of working for the PRC Ministry of State Security (MSS) have engaged in ransomware attacks, cyber enabled extortion, crypto-jacking, and rank theft from victims around the world, all for financial gain. 

In some cases, we are aware that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars. The PRC's unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts."

In connection to this unsanctioned activity, the United States Department of Justice (DOJ) announced charges against four MSS hackers for their roles in a campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare, in at least a dozen countries.

The U.S. government also attributed, "with a high degree of confidence," the cyber espionage operations that exploited the zero-day vulnerabilities in Microsoft Exchange Server to the MSS.

The government makes clear these actions threaten security, confidence, and stability in cyberspace, and that this activity is in direct contrast to China's "bilateral and multilateral commitments to refrain from engaging in cyber-enabled theft of intellectual property for commercial advantage."

CISA, NSA, and FBI cybersecurity advisory on China

Three major U.S. government agencies released a cybersecurity advisory on China's cyber operations.

The advisory details more than 50 tactics, techniques, and procedures (TTPs) that Chinese state-sponsored actors are using.

"One significant tactic detailed in the advisory includes the exploitation of public vulnerabilities within days of their public disclosure, often in major applications, such as Pulse Secure, Apache, F5 Big-IP, and Microsoft products. This advisory provides specific mitigations for detailed tactics and techniques aligned to the recently released, NSA-funded MITRE D3FEND framework.

General mitigations outlined include: prompt patching; enhanced monitoring of network traffic, email, and endpoint systems; and the use of protection capabilities, such as an antivirus and strong authentication, to stop malicious activity."
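The advisory's central observation is about exposure windows: a vulnerability is publicly disclosed, exploitation follows within days, and the first mitigation it names is prompt patching that closes the window. The script below is an added example written for this article; it is not part of the CISA/NSA/FBI advisory or of any vendor tooling. It takes an asset inventory and a list of advisories, compares installed builds against the first fixed build for the same release branch, and reports how many days each unpatched asset has been exposed since disclosure and whether that exceeds a patching SLA. The advisory identifiers, product names, build numbers, hostnames and dates are all constructed placeholders, not real CVEs or real Exchange builds.

```python
"""
Patch-lag check (added example, constructed data throughout).

For each asset, find advisories for the same product, compare the installed
build against the first fixed build for that asset's release branch, and
report the days elapsed since public disclosure. Builds are compared only
within the same (major, minor) branch, because products that ship several
supported branches (for example a 15.1.x and a 15.2.x line) get separate
fixed builds and a cross-branch numeric comparison would be meaningless.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

Build = Tuple[int, ...]


@dataclass(frozen=True)
class Advisory:
    advisory_id: str                    # placeholder id, not a real CVE
    product: str
    disclosed: date                     # date the vulnerability became public
    fixed_builds: Dict[Tuple[int, int], Build]  # (major, minor) -> first fixed build


@dataclass(frozen=True)
class Asset:
    hostname: str
    product: str
    build: Build                        # installed build as a comparable tuple


@dataclass(frozen=True)
class Finding:
    hostname: str
    advisory_id: str
    status: str                         # "exposed", "over_sla" or "unassessed"
    days_exposed: Optional[int]         # None when the branch is not covered


def parse_build(text: str) -> Build:
    """Turn '15.1.100.5' into (15, 1, 100, 5) so builds compare numerically."""
    return tuple(int(part) for part in text.split("."))


def assess(assets: List[Asset], advisories: List[Advisory],
           as_of: date, max_lag_days: int = 7) -> List[Finding]:
    """
    Return findings for every asset still below a fixed build, most-exposed
    first. A branch the advisory does not cover is reported as "unassessed"
    rather than silently treated as safe.
    """
    findings: List[Finding] = []
    for asset in assets:
        for adv in advisories:
            if asset.product != adv.product:
                continue
            fixed = adv.fixed_builds.get(asset.build[:2])
            if fixed is None:
                findings.append(Finding(asset.hostname, adv.advisory_id, "unassessed", None))
                continue
            if asset.build >= fixed:
                continue                # already on or past the fixed build
            days = (as_of - adv.disclosed).days
            status = "exposed" if days <= max_lag_days else "over_sla"
            findings.append(Finding(asset.hostname, adv.advisory_id, status, days))
    # Longest exposure first; unassessed entries (no day count) go last.
    findings.sort(key=lambda f: (f.days_exposed is None, -(f.days_exposed or 0)))
    return findings


def sample_report() -> List[Finding]:
    """Run the check over a constructed inventory; every value here is made up."""
    advisories = [
        Advisory("ADV-TEST-0001", "mailserver", date(2021, 3, 2),
                 {(15, 1): (15, 1, 120, 0), (15, 2): (15, 2, 310, 0)}),
        Advisory("ADV-TEST-0002", "webapp", date(2021, 3, 9),
                 {(1, 2): (1, 2, 4)}),
    ]
    assets = [
        Asset("mail-01", "mailserver", parse_build("15.1.100.5")),   # below fix
        Asset("mail-02", "mailserver", parse_build("15.1.120.3")),   # patched
        Asset("mail-03", "mailserver", parse_build("15.2.300.1")),   # below fix
        Asset("mail-04", "mailserver", parse_build("14.3.50.0")),    # branch not covered
        Asset("web-01", "webapp", parse_build("1.2.3")),             # below fix, recent
    ]
    return assess(assets, advisories, as_of=date(2021, 3, 12), max_lag_days=7)


if __name__ == "__main__":
    for f in sample_report():
        days = "n/a" if f.days_exposed is None else f"{f.days_exposed}d"
        print(f"{f.hostname:8} {f.advisory_id:14} {f.status:10} {days}")
```

Run as-is, the report lists the two mail hosts that have been exposed for ten days (past the seven-day SLA), the web host exposed for three days, and the host on a branch the advisory does not cover. The "unassessed" status is deliberate: an inventory entry that cannot be matched to a fixed build is a gap in coverage, not evidence of safety, and it should be resolved rather than filtered out.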

The advisory also mentions that China's cyber operations support the country's long-term economic and military goals.

To look at a specific China-backed hacking campaign, read about this new Grand Jury indictment on China stealing Ebola virus research.
