IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

US and allies accuse China of global hacking campaign

China blamed for recent Microsoft Exchange Server attack

Hacker on a computer with a Chinese flag in the background

The United States and a coalition of allies accused China on Monday of employing “criminal contract hackers” for a global hacking campaign — specifically in a massive Microsoft Exchange Server attack earlier this year.

NATO, the European Union, Britain, Australia, Canada, Japan and New Zealand join the US in making these allegations, according to Reuters and The Associated Press.

“The United States and countries around the world are holding the People’s Republic of China accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security,” US Secretary of State Anthony Blinken said Monday.

According to estimates, the Microsoft Exchange Server hack, which was disclosed in March, has affected more than a quarter of a million servers worldwide. The attack on Microsoft’s popular email service was found to have been led by state-backed hackers, specifically the Chinese-based Hafnium and at least 10 other hacking groups.

The UK government also pointed fingers at China in that attack, formally accusing the Chinese Ministry of State Security on Monday of being behind it.

Also on Monday, the US Justice Department announced charges against four Chinese nationals — three security officials and one contract hacker — who are accused in a global hacking campaign targeting dozens of companies, universities, and government agencies in the US and abroad. 

The attacks, which occurred between 2011 and 2018, targeted business trade secrets that would significantly benefit Chinese corporations in the aviation, defense, education, government, health care, biopharmaceutical, and maritime industries, according to the Justice Department.

The defendants and officials in the Hainan State Security Department, a regional security office, used a front company to hide the Chinese government’s role in the operation, according to a federal indictment.

Although Monday’s announcements included no sanctions, Biden administration officials say US concerns about Chinese cyber activities have been raised with senior Chinese leaders. “We’re not ruling out further action to hold the PRC accountable,” one official said.

In any case, Monday’s announcements were intended as a forceful condemnation of what the Biden administration describes as part of a pattern of irresponsible behavior in cyber space.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Best free malware removal tools 2022
Security

Best free malware removal tools 2022

22 Jun 2022
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

16 Jun 2022
What is shoulder surfing?
social engineering

What is shoulder surfing?

10 Jun 2022
CIAM buyer’s guide
Whitepaper

CIAM buyer’s guide

6 Jun 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022