UPDATED 13:15 EDT / JULY 19 2021

SECURITY

US and allies blame China for series of cyberattacks

The U.S. and a group of allies today formally blamed China for multiple hacking campaigns, including a high-profile cyberattack revealed earlier this year that had targeted deployments of the Microsoft Exchange Server email platform.

The group includes NATO, the European Union, Australia, Canada, Japan, New Zealand and the U.K.

“An unprecedented group of allies and partners – including the European Union, the United Kingdom, and NATO – are joining the United States in exposing and criticizing the PRC’s malicious cyber activities,” the White House said in a statement today.

The White House stated that the Exchange Server attack has been attributed with a high degree of confidence to hackers affiliated with China’s Ministry of State Security, or MSS. The cyberattack exploited a number of previously unknown security flaws in Exchange Server to trick deployments of the platform into giving the hackers access. The campaign compromised tens of thousands of computers and networks worldwide, mostly at private sector organizations.

As part of this morning’s announcement, the White House also said the Justice Department has filed criminal charges against four MSS hackers over cyberattacks carried out from 2011 to 2018. The four defendants are accused of engaging in a multiyear hacking campaign that targeted organizations in multiple sectors, including government, maritime, aviation, defense, education and healthcare, across at least a dozen countries worldwide.

“In some instances, the conspiracy used hijacked credentials, and the access they provided, to launch spearphishing campaigns against other users within the same victim entity or at other targeted entities,” the Justice Department detailed in a separate statement. “The conspiracy also used multiple and evolving sets of sophisticated malware, including both publicly available and customized malware, to obtain, expand and maintain unauthorized access to victim computers and networks.”

In conjunction, the White House also shared new details about another set of cyberattacks. Those cyberattacks are being attributed to contract hackers with a history of working for the MSS. The hackers have been found to engage in ransomware campaigns, cyber-extortion and theft, as well as crypto-jacking, a type of cyberattack that hijacks a computer to use it for cryptocurrency mining. 

“In some cases, we are aware that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars,” the White House detailed.

In the same announcement, the White House shared an update about the U.S. government’s efforts to improve cybersecurity. It detailed that the government has conducted “cyber operations and pursued proactive network defense actions” to prevent systems compromised through the Exchange Server vulnerabilities from being used for malicious purposes.

As part of the effort, officials actively helped Microsoft Corp. fix security issues in Exchange Server. When Microsoft first disclosed the hacking campaign in early March, it published a blog post detailing the vulnerabilities that were used to carry out the cyberattack. Government experts, the White House detailed today, found other security issues in the software after Microsoft’s March disclosure and worked with the company to develop patches.

“National Security Agency notified Microsoft to ensure patches were developed and released to the private sector,” the White House stated. “We will continue to prioritize sharing vulnerability information with the private sector to secure the nation’s networks and infrastructure.”

Officials additionally shared an update about the Cyber Unified Coordination Group, or UCG, a group of government agencies tasked with coordinating efforts to address the Exchange Server hacking campaign. The initiative involved private sector companies as well.

“We credit those companies for being willing to collaborate with the United States Government in the face of a significant cyber incident that could have been substantially worse without key partnership of the private sector,” the White House said today. “We will build on this model to bolster public-private collaboration and information sharing between the United States Government and the private sector on cybersecurity.”
