US, Britain and EU blame China for Microsoft Exchange email server hack

US State Department says ‘cyber actors’ with Beijing’s Ministry of State Security were involved in operation that compromised accounts worldwide

Adds to a growing list of cyber espionage operations that the US government has tied to China’s MSS

Reading Time:5 minutes

Why you can trust SCMP

99+

Beijing has been accused of sponsoring a hack of the Microsoft Exchange email server. Photo: Reuters

Robert Delaneyin Washington

Published: 10:30pm, 19 Jul 2021Updated: 10:49am, 9 Sep 2021

Corrected [12:52am, 20 Jul, 2021]

[12:52am, 20 Jul, 2021]
An earlier version of this story stated incorrectly that the US Justice Department's indictment of four individuals on Monday was related to the Microsoft hack. This indictment was separate from the Microsoft matter.

The US, Britain, the EU and Nato on Monday accused Beijing of sponsoring a massive hack of the Microsoft Exchange email server discovered earlier this year, which compromised accounts worldwide, and vowed to work with other countries to halt what the US State Department called China’s “destabilising behaviour in cyberspace”.

The State Department said “cyber actors”, working with China’s Ministry of State Security (MSS), “exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims”.

A senior White House official briefing reporters in Washington said: “The US and our allies and partners are not ruling out further actions to hold the [People’s Republic of China] accountable.”

The announcement added that the US had worked with allies and partners to identify the source of the hacks, which “cost governments and businesses billions of [US] dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll”.

More than 250,000 servers were targeted worldwide, according to the British government. Photo: AP

“The Chinese government, not unlike the Russian government, is not doing this themselves but are protecting those who are doing it, and maybe even accommodating them being able to do it,” US President Joe Biden told White House reporters after the announcement.

China’s embassy in Washington called its allegations of cyberespionage “irresponsible”, “ill-intentioned” and lacking in evidence.

US, Britain and EU blame China for Microsoft Exchange email server hack

US State Department says ‘cyber actors’ with Beijing’s Ministry of State Security were involved in operation that compromised accounts worldwide Adds to a growing list of cyber espionage operations that the US government has tied to China’s MSS

US State Department says ‘cyber actors’ with Beijing’s Ministry of State Security were involved in operation that compromised accounts worldwide

Adds to a growing list of cyber espionage operations that the US government has tied to China’s MSS