The Chinese Ministry of State Security is believed to be behind the activities of APT40 and APT31.
The UK government said government-backed Chinese entities are responsible for gaining access to computer networks through Microsoft Exchange servers. The attacks occurred in early 2021 and affected more than a quarter of a million servers worldwide.
“The cyberattack on Microsoft Exchange Server by Chinese government groups was a reckless but familiar pattern. The Chinese government must put an end to this systematic cyber sabotage and can count on being held accountable otherwise,” said UK Foreign Secretary Dominic Raab.
According to the UK authorities, the Ministry of State Security of China is behind the activities of the cybercriminal groups APT40 and APT31. The Chinese government has ignored repeated calls to end its reckless campaign, instead allowing these groups to scale up their attacks and act recklessly.
The UK calls on China to reaffirm the commitments it made to the UK in 2015 and as part of the G20 not to engage in or support cyber-enabled theft of intellectual property and trade secrets.
As part of an intergovernmental response, the UK’s National Cyber Security Centre (NCSC) has issued specific mitigation guidelines for over 70 affected organizations.
The NCSC believes that the Microsoft Exchange compromise was initiated and exploited by Chinese government hackers from the HAFNIUM group.
APT40 (also known as TEMP.Periscope, TEMP.Jumper and Leviathan) in turn targets the maritime industry and naval defence contractors in the US and Europe. According to the NCSC, APT40 is allegedly linked to China’s Ministry of State Security and is acting in accordance with key requirements of China’s state intelligence. APT40 is most likely sponsored by the MSS regional security office, the Hainan State Security Department (HSSD).
APT31 (also known as Judgment Panda, Zirconium and Red Keres) has targeted government agencies, politicians, contractors and service providers in European countries since 2020. According to the NCSC, APT31 is almost certainly linked to the Chinese state and is probably a group of contractors working directly for China’s Ministry of State Security.
The White House also issued a statement linking the recent attacks on Microsoft Exchange servers to the People’s Republic of China (PRC).