China Behind the Massive Microsoft Exchange Attacks
- By Dawna M. Roberts
- Published: Aug 02, 2021
- Last Updated: Mar 18, 2022
On Monday, President Biden formally accused China of waging a cybersecurity war on the U.S. using Microsoft Exchange servers.
What Happened?
Back in March, Microsoft announced vulnerabilities in its Microsoft Exchange server and released a series of patches designed to plug the holes being exploited by a group of cybercriminals.
According to Data Breach Today,
“Now, the White House says that this attack group worked for China’s Ministry of State Security, or MSS, which oversees foreign intelligence and counter-intelligence operations for the country’s government. The administration says it has ‘a high degree of confidence’ that attackers associated with MSS conducted the global Exchange campaign.”
The determination about who was responsible for these crimes came about after an extensive investigation by the NSA, FBI, and the Cybersecurity and Infrastructure Agency comparing the techniques, tools, and processes used by Chinese hackers and their affiliates against those used in the MS Exchange attacks.
The accusation is one of many issued lately by the U.S. to the Chinese Ministry of State Security. In the public statement, the White House said, “Before Microsoft released its security updates, MSS-affiliated cyber operators exploited these vulnerabilities to compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims.”
The White House did not stop there. It also accused the MSS of carrying out other ransomware attacks costing America millions. A White House spokesperson also mentioned that these attacks show a level of aggression coming from China that is a surprise to the U.S. government.
The senior White House official said, “I can’t speak to further details of the ransomware attacks, but it literally was what we think about with ransomware: a ransom request - a large ransom request made to an American company. And it really raised concerns for us with regard to the behavior and, frankly, as I noted, with regard to the fact that … individuals affiliated with the MSS conducted it.”
Alongside the accusation that China sanctioned the attacks, the Biden Administration also indicted four Chinese nationals, accusing them “of conducting various cyber operations against the U.S. and other organizations around the world. None of the four individuals listed in the indictment, however, are accused of conducting the Exchange attacks,” Data Breach Today said.
What is Next?
Recently, the White House has been busy calling out Russian cyber terrorists and, this week, China. However, although the accusations are appropriate, many experts believe more action must be taken to curb these threats. In addition, the Biden Administration is being criticized for not sanctioning China the same way it did Russia.
It is important to note that the U.K., the European Union, and NATO joined the U.S. in accusing China of backing these cyber threats.
According to Data Breach Today, experts like Scott Shackelford of the Indiana University Cybersecurity Program believe that “As for attributing the Exchange cyberattacks, the main benefit for the Biden administration is the fact that this was done collectively with close partners and allies. Naming and shaming, though, only gets us so far without any formal sanctions to go along with the attribution.”
Additionally, Dmitri Alperovitch, former CTO of CrowdStrike, commented on Twitter about the issue, “Given that sanctions have already been used against virtually every other rogue cyber nation-state, not using them against China is a glaring oversight.”
Sam Curry, CSO of Cybereason, chimed in with,
“What is perhaps most significant is that the Biden administration is building momentum. And it’s building an international consensus or coalition. It’s the sort of move we normally see in physical conflicts and territorial disputes. And now we’re seeing it applied to the cyber domain.”
Many threat experts believe that more decisive action is needed to follow up on the accusations for change to occur.