The Biden administration has formally named China as responsible for the March cyberattack on the Microsoft Exchange email server software.
In early March, the cyberattack accessed the emails of at least 30,000 public and private US entities. Among the victims were small businesses, law firms, municipal governments, and health care providers.
The size of the attack was immense, with David Kennedy, CEO of cybersecurity firm TrustedSec, calling it “the largest hack I’ve seen in my fifteen years”.
At the time of the attack, Dmitri Alperovitch, former chief technical officer of the cybersecurity firm CrowdStrike, described it as a threat to economic security.
“I would say it’s a serious economic security threat because so many small companies out there can literally have their business destroyed through a targeted ransomware attack,” he said.
US Secretary of State Antony Blinken blamed China for the cyberattack.
“China’s Ministry of State Security has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain,” he said.
“In addition, the US government alongside our allies and partners has formally confirmed that cyber actors affiliated with the MSS [the Ministry of State Security of China] exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims.”
Similarly, Microsoft issued a statement on their blog in March which blamed “a state-sponsored threat actor” which “operates from China” for the attacks.
Foreign Ministry spokesperson Wang Wenbin has denied the allegations, asserting that China “firmly opposes and combats cyber-attacks and cyber theft in all forms.”
Furthermore, during his presidency, Barack Obama agreed with Xi Jinping that “neither the US or the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property”.
We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry.
— Microsoft Security Intelligence (@MsftSecIntel) March 12, 2021
The US government has not specified any sanctions against China. However, Blinken stated that “the US will impose consequences on Chinese malicious cyber actors for their irresponsible behaviour in cyberspace.”
These statements have been made at a time when tensions between China and the US are rising.
The White House is currently reviewing its policy toward China, and recently targeted businesses accused of human rights violations.
On Tuesday, the State Department said that US “businesses and individuals that do not exit supply chains, ventures, and/or investments connected to Xinjiang could run a high risk of violating U.S. law”, following allegations of human rights abuse.
On Thursday, Biden told the press he believed China “is not keeping its commitment that it made on how it would deal with Hong Kong”.
On Friday, the US imposed sanctions on seven Chinese officials following Beijing’s clampdown on democracy in Hong Kong.
CISA is aware of widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities and urges scanning Exchange Server logs with Microsoft’s IOC detection tool to help determine compromise. https://t.co/khgCR2LAs0. #Cyber #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) March 6, 2021