China strongly denies ordering cyber-attacks through vulnerabilities in Microsoft Exchange Server. A spokesman for China’s foreign ministry said the allegations were “made up” for political purposes. There would also be insufficient evidence to designate China as the instigator.
The case revolves around four zero-day exploits that Microsoft found in March in Microsoft Exchange Server. Businesses and organizations use Exchange Server to send and receive emails. Because e-mails often contain attachments with sensitive information and e-mail addresses of various contacts, Exchange Server processes a lot of sensitive data. Information you don’t want to end up in the wrong hands.
Hackers abused the vulnerabilities found to steal confidential business and personal data. In addition, they backdoored companies and organizations that worked with Exchange Server. This allowed the attackers to penetrate their victims’ computer systems at any time to steal data or install ransomware or other malware.
As soon as Microsoft heard of the vulnerabilities, the American hardware and software company immediately worked on a solution. Many system administrators managed to solve the problem on their own. For others, the patch came too late. Tens of thousands of organizations worldwide had become victims of the zero-day exploits, including dozens of Dutch companies.
For a long time, it was suspected that Chinese state hackers were behind ransomware attacks. On Monday, an international coalition officially accused the communist country of ordering state hackers to attack companies and organizations worldwide and obtain sensitive data. The coalition consisted of the EU, US, UN, NATO, Canada, Australia, New Zealand, Japan and the United Kingdom.
The EU wrote in a press statement that China’s hacking attacks have “undermined the security and integrity of thousands of computers and networks worldwide”. The aim, according to European politicians, was to steal as much intellectual property and trade secrets as possible and to promote corporate espionage. The EU opts for diplomacy and says it will continue to urge China not to ‘use their territory for malicious cyber activities.
The US opted for a tougher stance. The government said cyberattacks by Chinese state hackers caused billions of dollars in damage to the US economy and society. The Justice Ministry on Monday charged four hackers with close ties to the Chinese Ministry of State Security. The suspects would have been trying to hack companies for years. Their targets included the aviation, navy, army and the education and healthcare sectors.
These allegations did not exactly go down well in China. Zhao Lijian, a spokesman for the Chinese Ministry of Foreign Affairs, says that the insinuations have been “made up” for political reasons. “China will not accept this. We do not engage in cyber attacks. The technical details provided by the US government do not constitute a complete chain of evidence,” he told a news conference in Beijing. Liu Pengyu, a spokesman for the Chinese embassy in Washington, said the allegations against China are “irresponsible.”
The Chinese ambassador to Australia, in turn, says the US is a ‘world champion’ when it comes to espionage. He is referring to a Danish report that showed that America secretly eavesdropped on European allies for years, including German Chancellor Angela Merkel, then Foreign Minister Frank-Walter Steinmeier and opposition leader of the SPD Peer Steinbrück. The NSA and the Danish secret service FE reportedly made agreements in 2008 to tap Danish internet cables. The American intelligence service used the same method to wiretap surrounding countries, including Poland, France, Norway, Sweden and the Netherlands.
Catch up on more articles here
Follow us on Twitter here