China accused of ‘systematic cyber sabotage’ by UK and allies
The Chinese government has been accused of “systematic cyber sabotage” in statements by the UK and allies, including the US, NATO, and the European Union.
The British government is announcing that it believes Chinese state-sponsored hackers were responsible for an attack earlier this year which targeted Microsoft Exchange servers.
More than 70 organisations in the UK were compromised by the hack, perpetrated by a group associated with Beijing according to the National Cyber Security Centre. This attribution has been supported by allies in the United States, NATO, and European Union.
Foreign secretary Dominic Raab described the hacking campaign – which is believed to have indiscriminately compromised tens of thousands of on-premise email servers worldwide with an intention to subsequently target specific victims – as “a reckless but familiar pattern of behaviour” from the Chinese government.
The hack of Microsoft Exchange servers earlier this year caused significant concern as the state-sponsored hackers left the victim networks open to additional attacks from criminals.
At the time the UK’s National Cyber Security Centre, a part of GCHQ, warned businesses to urgently update their email servers to ensure that criminals did not exploit them too.
In his statement attributing the campaign to China, Mr Raab stated that Beijing “must end this systematic cyber sabotage and can expect to be held [to] account if it does not”.
More from Science & Tech
The compromise of Microsoft Exchange servers “undermined the security and integrity of thousands of computers and networks worldwide,” including in the EU, the bloc said in its statement, allowing “access to a significant number of hackers that have continued to exploit the compromise to date”.
“This irresponsible and harmful behaviour resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spill-over and systemic effects for our security, economy and society at large,” the EU added.
The joint attribution comes as the US unsealed charges against four named Chinese nationals alleged to be working with the Ministry of State Security.
These individuals are accused of hacking into “dozens of victim companies, universities and government entities… between 2011 and 2018” located in the US as well as “Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom”.