The US and the allies accused China of Masterminding the Microsoft Exchange cyberattack.

July 20, 2021 | 2 minutes read

The US, EU, and the UK have accused China of sponsoring a major cybercrime.

The United States and the allies have accused China of hiring gangs to carry out cyberattacks in the West. The attacks include the recent Microsoft Exchange hack, a significant and widespread breach that gave access to the email servers of approximately 30,000 organizations from the US alone.

Hafnium, a Chinese-sponsored hacking group was initially blamed for the Microsoft attack. A senior official in the White House told the reporters in the briefing at the weekend that the government of the United States had “high confidence” that the attack was sponsored by the Chinese government.

[China’s] MSS-Ministry of State Security uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit,” the official commented. “Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain.”

The accusation against China was made by the US, EU, UK, Australia, Canada, New Zealand, Japan, and NATO as reported by Bloomberg News.

“The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace,” said NCSC Director of Operations Paul Chichester in a press briefing. “This kind of behavior is completely unacceptable, and alongside our partners, we will not hesitate to call it out when we see it.”

Cyberattacks and ransomware threats have increased exponentially targeting larger organizations in recent years. The hackers have targeted America’s largest meat supplier and a key oil pipeline, in the span of a year but the hackers were thought to be from Eastern Europe and Russia.

The US accused Russia of 2020’s SolarWinds hack, breaching a number of US federal government entities. The US responded with new economic sanctions. 

This attack is different in the respect that a broad coalition of countries has publicly condemned China. It is also the first time that the military alliance NATO has formally blamed China for cybercrimes.