Microsoft cyber attack is done by China: US and allies

The United States and a coalition of allies on Monday accused China’s Ministry of State Security of a global cyber hacking campaign, specifically attributing a large Microsoft attack disclosed earlier this year to hackers working on Beijing’s behalf.
The United States is joined by NATO, the European Union, Britain, Australia, Japan, New Zealand and Canada to level the allegations, according to a White House fact sheet released Monday morning.

The announcement comes a month after G7 and NATO leaders agreed with President Joe Biden at summits in Cornwall, England, and Brussels in accusing China of posing systemic challenges to the world order.

The governments will formally attribute the cyber campaign utilizing the zero-day vulnerabilities in the Microsoft Exchange Server disclosed in March… to malicious cyber actors affiliated with the (Chinese Ministry of State Security) with high confidence, the U.S. senior administration official told reporters ahead of the announcement.

Chinese officials have previously said China is also a victim of hacking and opposes all forms of cyber attacks.

U.S. federal agencies, including the National Security Council, the FBI and the National Security Agency, will outline more than 50 techniques and procedures that China state-sponsored actors use in targeting U.S. networks, the official said.

Chinese state-sponsored cyber actors consistently scan target networks for critical and high vulnerabilities within days of the vulnerability’s public disclosure, the 31-page U.S. cybersecurity advisory seen by Reuters says.

“We will show how the PRC’s MSS, Ministry of State Security, uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit,” the official said.

The United States in recent months has focused attention on Russia in accusing Russian cyberhackers of a string of ransomware attacks in the United States.

Microsoft has already accused China of responsibility.

The operation exploited weaknesses in Microsoft’s exchange program, a common email software. Cybersecurity experts were shaken by the scale and volume of the incident, totaling thousands of potential U.S. victims.