U.S. Says China Behind Microsoft Exchange Hack, Working With Criminal Gangs

The White House has said China was behind the major attack on Microsoft Exchange servers earlier this year and that the country is working with criminal gangs to commit cyberattacks around the world.

"The United States has long been concerned about the People's Republic of China's (PRC) irresponsible and destabilizing behavior in cyberspace," the White House said in a statement on Monday.

"Today, the United States and our allies and partners are exposing further details of the PRC's pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to U.S. and allies' economic and national security."

The Biden administration outlined a series of threats from Beijing, including government-affiliated hackers that have targeted companies and demanded millions of dollars in ransom.

In this file photo taken on August 4, 2020, a member of the hacking group Red Hacker Alliance uses a website that monitors global cyberattacks on his computer at their office in Dongguan, China's southern Guangdong province. Nicolas Asfouri/AFP via Getty Images

China's Ministry of State Security (MSS) has been using criminal contract hackers who have engaged in "unsanctioned cyber operations worldwide, including for their own personal profit," the statement said.

"In some cases, we are aware that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars," it continued.

China's "unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts."

On Monday, the Department of Justice announced charges against four Chinese nationals, who prosecutors say were working with the MSS in a hacking campaign targeting companies, universities and government in the U.S. and abroad between 2011 and 2018.

The DOJ said the indictment, unsealed on Friday, alleges that much of the conspiracy's theft was focused on information that was "of significant economic benefit to China's companies and commercial sectors" and would allow China to bypass "lengthy and resource-intensive research and development processes."

At research institutes and universities, the conspiracy targeted research related to Ebola, MERS, HIV/AIDS and other infectious diseases, the DOJ said.

"Much of the MSS activity alleged in the Department of Justice's charges stands in stark contrast to the PRC's bilateral and multilateral commitments to refrain from engaging in cyber-enabled theft of intellectual property for commercial advantage," the White House statement said.

The Biden administration also blamed China for a hack of Microsoft Exchange email servers that compromised tens of thousands of computers around the world earlier this year. MSS-affiliated hackers exploited vulnerabilities before Microsoft released its security updates to compromise computers and networks worldwide "in a massive operation that resulted in significant remediation costs for its mostly private sector victims," the administration's statement said.

It added that U.S. officials have raised concerns about the incident and China's "broader malicious cyber activity" with senior Chinese government officials and made clear that China's actions "threaten security, confidence, and stability in cyberspace."