Microsoft Exchange email hack came from China, say EU and US

Josep Borrell issued a statement condemning the actions of hackers based in China on Monday. Copyright JOHN THYS/AFP
By Euronews with AP

The attack earlier this year compromised tens of thousands of computers. Now EU and US officials have said China-based hackers were to blame.


The European Union and United States on Monday blamed China for the hacking of the Microsoft Exchange email server that compromised tens of thousands of computers around the world earlier this year.

In a statement, the EU's High Representative for Foreign Affairs and Security Policy Josep Borrell said the "malicious cyber activities" had "significantly affected our economy, security, democracy and society at large".

The Microsoft Exchange hack, first identified in January, was rapidly attributed to Chinese cyber spies by private sector groups.

Borrell's statement marks the first time the EU has levelled blame for the hack at China. The UK, Japan, Australia, Canada, New Zealand and NATO also issued their own condemnations.

"We have also detected malicious cyber activities with significant effects that targeted government institutions and political organisations in the EU and Member States, as well as key European industries," Borrell said.

The attack against Microsoft Exchange could be traced to hacker groups known to cybersecurity professionals as Advanced Persistent Threat 40 (APT40) and Advanced Persistent Threat 31 (APT31), and was "conducted from the territory of China for the purpose of intellectual property theft and espionage," he continued.

EU and allies present a united front

On Monday the United States' Biden administration and partners also disclosed a broad range of other cyberthreats from Beijing, including ransomware attacks from government-affiliated hackers that have targeted companies with demands for millions of dollars.

The AP news agency reported that China's Ministry of State Security has been using criminal contract hackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a briefing from a senior US official.

That official briefed reporters about the investigation on the condition of anonymity, the agency said.

Even though the finger-pointing was not accompanied by any sanctions on Beijing, a senior US official who disclosed the actions to reporters said that the US had confronted senior Chinese officials and that the White House regarded the multination public shaming as sending an important message.

The United Kingdom's National Cyber Security Centre (NCSC) also issued a statement blaming the Chinese Ministry of State Security for a series of cyberattacks.

"The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace," said Paul Chichester, NCSC director of operations.

"Activity relating to APT40 included the targeting of maritime industries and naval defence contractors in the US and Europe, and for APT31 the targeting of government entities, including the Finnish parliament in 2020," the NCSC said.

Officials: China using 'criminal hackers'

The majority of the most damaging and high-profile recent ransomware attacks have involved Russian criminal gangs. Though the US has sometimes seen connections between Russian intelligence agencies and individual hackers, the use of criminal contract hackers by the Chinese government “to conduct unsanctioned cyber operations globally is distinct,” a US government official told AP.

The official said it had taken until now to attribute the attack to hackers affiliated with China's Ministry of State Security in part because of the discovery of the ransomware and for-profit hacking operations and because the Biden administration wanted to pair the announcement with guidance for businesses about tactics that the Chinese have been using.

An advisory published on Monday from the FBI, the United States' National Security Agency and the Cybersecurity and Infrastructure Security Agency laid out specific techniques and ways that government agencies and businesses can protect themselves.

The White House also wanted to line up an international coalition of allies to call out China, according to the official, who said it was the first time NATO had condemned Beijing's hacking operations.

A Chinese Foreign Ministry spokesperson, asked about the Microsoft Exchange hack, has previously said that China “firmly opposes and combats cyber attacks and cyber theft in all forms” and cautioned that attribution of cyberattacks should be based on evidence and not “groundless accusations”.
