The European Union and the United States say Chinese state hackers carried out cyber attacks by exploiting vulnerabilities in Microsoft Exchange Server. In doing so, they have caused serious damage to the economy, democracy and society. They say they are doing everything they can to fight ‘evil behaviour in cyberspace’ together with international partners.
In March, Microsoft announced that Microsoft Exchange Server contained four dangerous zero-day exploits. Companies and organizations use Exchange Server to send and receive emails. In addition, Exchange Server processed emails with attachments and contact lists. A large number of companies and agencies store a variety of competitively sensitive information on these servers.
The vulnerabilities found were actively exploited by hackers and cybercriminals to steal confidential information. In addition, this allowed them to install a so-called backdoor so that they could access the internal computer systems of their victims at all times. They could then not only steal company and privacy-sensitive data at any time but also install ransomware or other malware and commit corporate espionage.
Many system administrators managed to fix the vulnerabilities in Exchange Server on their own. In early March, Microsoft rolled out a security update to close the zero days. For many, this was a godsend, but for some, this solution came too late. Tens of thousands of organizations worldwide were the victims of unscrupulous hackers, including dozens of Dutch companies.
Microsoft’s investigation revealed that Chinese state hackers actively abused the zero-day exploits to make victims. According to the American hardware and software company, HAFNIUM was responsible for this.
For the first time since the attacks broke out, an international coalition says the People’s Republic of China is responsible for “irresponsible and destabilizing behaviour in cyberspace.” That has had a significant impact on the security, economy, democracy and community in general of the US, EU, UK, UN and NATO and other international partners, including Canada, Australia, New Zealand and Japan.
“The compromise and exploitation of the Microsoft Exchange Server undermined the security and integrity of thousands of computers and networks worldwide,” the EU said in a statement. Some attacks have targeted government institutions and political organizations in the EU Member States, as well as key European industries. According to the EU, the attacks were carried out by the hacker groups APT40 and APT31 and can be traced back to mainland China. The goal was to steal as much intellectual property and trade secrets as possible and to commit espionage.
The EU says it will continue to urge China not to allow “their territory to be used for malicious cyber activities”. She also promises to take ‘appropriate measures’ and to deploy all available resources to track down and deal with the perpetrators. “We will continue to enhance our cooperation, including with international partners and other public and private stakeholders, by increasing the exchange of information and maintaining diplomatic contacts, by strengthening cooperation on cyber resilience and incident handling, as well as joint efforts. to improve the overall security of software and its supply chains.”
The US government is taking a tougher stance. According to the White House, China hires criminal hackers to carry out cyberattacks worldwide. The hackers are employed by the Chinese Ministry of State Security and in this capacity have carried out ransomware attacks and engaged in crypto jacking and extortion. And all for your own financial gain.
“The PRC’s reluctance to tackle criminal activity by contract hackers is hurting governments, businesses and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments and damage mitigation efforts,” President Biden said. In recent months, he has done everything possible to remove Chinese hackers from public and private networks and to close as many vulnerabilities as possible. The government has also worked non-stop to raise national cybersecurity to a higher level, especially critical infrastructure. She will continue with this for the foreseeable future.
To put it into action, the Ministry of Justice is indicting four hackers who they say have close ties to the Chinese Ministry of State Security. For years, they allegedly attempted to hack into key agencies and companies, including in the aviation, marine, military, and education and healthcare sectors.
It is not the first time President Biden has spoken harshly at China and Chinese state hackers. According to insiders, the president said in March that he still had a bone to pick with the communist regime. The president is reportedly working on a series of digital retaliations. He is said to have set up a special task force to coordinate counter-attacks. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) are part of this working group, among others.
Catch up on more articles here
Follow us on Twitter here