China accused of targeting servers worldwide

Chinese state-backed actors were “responsible for gaining access to computer networks around the world.” The UK, the US and the European Union (EU) on Monday accused Chinese actors of hacking more than 250,000 computer networks around the world via Microsoft Exchange servers. The EU was the first to put out a statement saying the attack came from "the territory of China", while the UK said Chinese state-backed actors were responsible. The UK Foreign Office said in a statement: “The attacks took place in early 2021, affecting over a quarter of a million servers worldwide.”

Britain also attributed China’s ministry of state security (MSS) or the civilian intelligence agency of being behind hacker groups known to cyber security experts as Advanced Persistent Threat 40 (APT40) and Advanced Persistent Threat 31 (APT31). Both APT40 and APT31 have been described by experts as actors backed by or having a nexus with the Chinese state that specialise in targeting crucial technologies or intellectual property theft. "The cyber-attack on Microsoft Exchange Servers by Chinese state-backed groups was a reckless but familiar pattern of behaviour," Foreign Secretary Dominic Raab said. "The Chinese government must end this systematic cyber-sabotage and can expect to be held to account if it does not."

It said the Chinese government had "ignored repeated calls to end its reckless campaign, instead allowing its state-backed actors to increase the scale of their attacks and act recklessly when caught". Microsoft announced details of the hack back in March and said a group called Hafnium, linked to China, was responsible. China denied those accusations. The EU statement also said it had seen other Chinese behaviour that caused concern. "We have also detected malicious cyber activities with significant effects that targeted government institutions and political organisations in the EU and member states, as well as key European industries."

US secretary of state Antony Blinken said that “countries around the world are holding the People’s Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilising behaviour in cyberspace. China’s ministry of state security (MSS), he added, has “fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain”. Blinken said the US and its partners had “formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation”.