China has had its fair share of accusations thrown at it, and this time around the UK, US and EU have accused the East Asian country of carrying out a major cyber-attack earlier this year.
The attack in question relates to the breach of Microsoft Exchange servers, which, according to Western security services, affected at least 30,000 organisations globally.
Microsoft Exchange Server is mail and calendaring server software developed by Microsoft that has become a popular mail platform for many organisations and companies across the world. It runs exclusively on Windows Server operating systems.
According to reports by the BBC, Western security services believe the attack signals a shift from a targeted espionage campaign to a smash-and-grab raid, leading to concerns that Chinese cyber-attacks are escalating.
This is not the first time the Chinese Ministry of State Security (MSS) has been accused of espionage activity against the West, which has been described as part of a broader pattern of “reckless” behaviour, the BBC reports.
Of course, despite the US, UK and EU accusations, China has completely denied all allegations of hacking and says it opposes all forms of cyber-crime. The unified stance led by the Western powers against China clearly shows how seriously the cyber-attack on the Microsoft Exchange servers is being taken, with intelligence officials stressing how significant aspects of the attack have been, as it is something they have seen before.
The attack on the Microsoft Exchange servers is said to have begun in January, when hackers from a Chinese-linked group known as Hafnium began exploiting a vulnerability in Microsoft Exchange. They used the vulnerability to insert backdoors into systems that they could return to later.
It is reported that by the time the exploit was discovered, thousands of private internal discussions had been exposed by Hafnium, a group of Chinese hackers. Microsoft has openly stated that it has released updated tools and investigation guidance to help IT pros and incident response teams identify, remediate and defend against associated attacks.
According to a statement on its blog: “Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed the installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.”
China Accused of Cyber-attack On Microsoft Exchange Servers
The UK said the attack was likely to enable large-scale espionage, including the acquisition of personal information and intellectual property. It was mainly carried out against specific systems that aligned with Hafnium’s previous targets, such as defence contractors, think tanks and universities.
“We believe that cyber-operators working under the control of Chinese intelligence learned about the Microsoft vulnerability in early January, and were racing to exploit the vulnerability before [it] was widely identified in the public domain,” a security source told the BBC.
According to Western security sources, the hacker group Hafnium obtained prior knowledge that Microsoft intended to patch or close the vulnerability, and therefore acted quickly by sharing the information with other China-based groups to maximise the opportunity.
Because of this rash decision, Western security sources were reportedly able to identify the campaign, and it also played a role in driving their decision to call out the Chinese publicly, officials say.
The UK is reported to have raised concerns about the cyber-attack by reaching out to Beijing in private over an extended period, including handing over dossiers of evidence pointing to the attack.
Microsoft went public about the vulnerability on 2 March and offered a patch to close it. The company continues to release updates and security patches to help mitigate the situation. However, by the time the software giant responded, many organisations had already suffered dearly.
According to the BBC, around a quarter of a million systems globally were left exposed, including small and medium-sized businesses and other organisations – and at least 30,000 were compromised.
Author: Allan Bangirana
Allan Bangirana has a taste for all kinds of topics and usually writes about tech, entertainment, sports and community projects that make a difference in society.