US, NATO, EU blame China for Microsoft cyberattack

The EU, Australia, New Zealand and Japan are working to confront the threat and are due to publicly blame China’s Ministry of State Security for a massive cyberattack on Microsoft Exchange email servers.

The attack was carried out by criminal contract hackers working for the MSS who also engage in cyber-enabled extortion, cryptojacking and ransomware, a NATO official said.

The group will share intelligence on cyberthreats and collaborate on network defenses and security, added a senior Biden administration official. The FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency released a new advisory listing tactics, techniques and procedures Chinese state-sponsored hackers use.

The Microsoft Exchange server attack became public in March and is believed to have hit at least 30,000 American organizations and hundreds of thousands more worldwide. Microsoft identified the group behind the hack quickly, as a so far relatively unknown Chinese espionage network called Hafnium.

The delay in naming China was to give investigators time to assemble evidence proving the Hafnium hackers were on the Chinese state payroll, the official added.

Cyber warfare is the front line

Cyberwarfare is becoming the front line in a global power struggle between democracies and autocratic states so the new alliance could become a model for future efforts to confront transnational threats.

The joint announcements build on Biden’s effort earlier this summer to rally support among NATO and EU allies for a more confrontational approach to China. Just on Friday, the United States sanctioned seven Chinese officials in response to the Beijing’s crackdown on Hong Kong’s democratic institutions. The US also warned its firms of data and privacy breaches by the Chinese government if they carry on doing business in Hong Kong.

In response, a Chinese foreign ministry spokesperson accused the United States of “meddling” in its internal affairs.

For now, the newly launched cybersecurity alliance is focused on cooperative security and threat alerts and not on retaliation. Beijing’s economic might around the world right now makes it very difficult for any group of countries to agree on concrete actions against China.