China is being accused by the US government, the UK government, the European Union and the FBI of being responsible for cyber-espionage attacks directed at Microsoft Exchange servers, which began in March this year and, in the United States alone, claimed more than 30,000 victims.
The indictments, published separately by each of the 3 countries and the FBI, indicate that the attacks began with a Chinese state-funded cyber-espionage campaign, a covert operation by the Ministry of State Security of China (MSS).
In the indictment by the US government, a spokesman states “with a high degree of confidence” that MSS-associated cybercriminals conducted the complex cyber-espionage operation that exploited zero-day vulnerabilities in Microsoft Exchange Server, an email communication system for servers running Microsoft Server operating systems.
“We attribute, with a high degree of confidence, that malicious cyber actors affiliated with the PRC MSS [People’s Republic of China] conducted cyber espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021,” the statement reads.
The UK government echoes the statement, saying that it also assigns responsibility for the attacks to the MSS. “The UK has also made China’s Ministry of State Security (MSS) responsible for activities known to cybersecurity experts as ‘APT40’ and ‘APT31’. Widespread and reliable evidence demonstrates that continued irresponsible cyber activity from China continues.”
The European Union also weighed in, saying that this cyber-espionage operation against companies using on-premises servers running Microsoft Exchange was organized and launched by cybercriminals based in China.
“The compromise and exploitation of the Microsoft Exchange server has undermined the security and integrity of thousands of computers and networks around the world, including in Member States and EU institutions. to explore the commitment so far […] These activities can be linked to hacker groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31 and were conducted from the territory of China for purposes of intellectual property theft and espionage”.
FBI adds 4 more Chinese nationals to its wanted list
On Monday (19), the US Department of Justice published a poster on behalf of the FBI, stating that the Chinese nationals Zhu Yunmin (朱允敏), Wu Shurong (吴淑荣), Ding Xiaoyang (丁晓阳) and Cheng Qingmin (程庆民) are now on the FBI’s international list of fugitive criminals. The bureau believes that these individuals are members of the APT40, APT31 or Hafnium groups, as identified by Microsoft in March of this year.
“The two-count charge alleges that Ding Xiaoyang (丁晓阳), Cheng Qingmin (程庆民) and Zhu Yunmin (朱允敏) were Hainan Xiandun officers, responsible for coordinating, facilitating and managing computer hackers and linguists at Hainan Xiandun and other MSS front companies to conduct cyber attacks for the benefit of China and its state and sponsored instruments. The prosecution claims that Wu Shurong (吴淑荣) was a computer hacker who, as part of his role at Hainan Xiandun, created malware, hacked into computer systems operated by foreign governments, companies and universities, and supervised other Hainan Xiandun hackers”, reads an FBI press release.
The Chinese nationals accused by the FBI were identified as employees of a shell company, Hainan Xiandun Technology Development, which, instead of developing and marketing IT solutions, was created by the MSS to identify vulnerabilities, develop spy malware and attack the servers in question.
China denies involvement in the case
The charges, however, were denied by the Chinese government on Tuesday (20). China’s Foreign Ministry spokesman Zhao Lijian urged the US government to review its charges, particularly those against the four Chinese nationals identified.
“The United States has joined with its allies in making unwarranted accusations against Chinese cybersecurity […] This was done from scratch and confused right and wrong. It is purely a politically motivated defamation and suppression […] China will never accept this,” Lijian said in an interview with the Associated Press.
“China firmly opposes and combats any form of cyber attack and will not encourage, support or tolerate any cyber attacks […] and we demand once again that the United States stop attacks on China, stop ‘throwing mud’ on China on cybersecurity issues and drop the charges […] China will take the necessary steps to firmly safeguard cyber security and the country’s interests,” concludes Lijian.