US and Global Allies Accuse China of Massive Microsoft Exchange Attack

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security (MSS).

In a statement issued by the White House on Monday, the administration said, "with a high degree of confidence that malicious cyber actors affiliated with PRC's MSS conducted cyber-espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021. The U.K. government accused Beijing of a "pervasive pattern of hacking" and "systemic cyber sabotage."

The sweeping espionage campaign exploited four previously undiscovered vulnerabilities in Microsoft Exchange software and is believed to have hit at least 30,000 organizations in the U.S. and hundreds of thousands more worldwide. Microsoft identified the group behind the hack as a skilled government-backed actor operating out of China named Hafnium.

Calling it "the most significant and widespread cyber intrusion against the U.K. and allies," the National Cyber Security Centre (NCSC) said the attack was highly likely to enable "acquiring personally identifiable information and intellectual property."

In addition, the MSS was also outed as the party behind a series of malicious cyber activities tracked under the monikers "APT40" and "APT31," with the U.K. attributing the groups for targeting maritime industries and naval defence contractors in the U.S. and Europe, and as well as for executing the attack on the Finnish parliament in 2020.