U.S. And Allies Formally Accuse China Of Microsoft Hack And Cyberespionage – Technology
On July 19, 2021, the
Biden administration, along with a group of allies, publicly
accused the Chinese government of malicious cyber
activities and irresponsible state behavior. The joint
announcement states the U.S. uncovered a wide array of cyberattacks
by hackers with a history of working for China’s Ministry
of State Security (MSS). Importantly, the announcement
attributes the recent attack on
Microsoft Corp.’s Exchange email software, an attack
that infected tens of thousands of businesses, government offices
and schools in the U.S. alone, to the MSS. While the
public accusation was not accompanied by any sanctions or punitive
measures against China, the unified condemnation by the global
community is significant: this is a broad coalition (the U.S., the
EU, the U.K., Canada, Australia, New Zealand, Japan and the 30
nations comprising NATO) attributing the Microsoft Exchange
cyberattack to China and, more broadly, criticizing China for
engaging in years of harmful cyber activity.
In connection with the allegations, the Department of Justice
(DOJ) announced criminal charges against four MSS hackers for
targeting foreign governments and entities in crucial sectors, such
as defense, education, healthcare, maritime and aviation, pursuing
cybertheft of intellectual property for financial gain. The
DOJ indictment accused the hackers of stealing information
from dozens of organizations and universities around the globe,
specifically stealing Ebola virus research and other important
intellectual property. The unsealed DOJ documents allege a
violation of the 2015 accord between China’s President Xi and
the Obama Administration to not direct or support cyberattacks to
steal corporate records or intellectual property.
It is clear that the Biden administration and U.S. government
are acutely focused on cybersecurity issues and assisting the
private sector in defending against these attacks. In
conjunction with the announcement attributing the attacks to the
MSS, the National Security Agency (NSA), Federal Bureau of
Investigation (FBI) and Cybersecurity and Infrastructure Security
Agency (CISA) published a Joint
Cybersecurity Advisory describing more than 50 tactics, techniques
and procedures (TTPs) used by the MSS hackers. Similar to the
recent launch of StopRansomware.gov,
the Joint Cybersecurity Advisory provides insights and tools to
help businesses and critical infrastructure operators secure their
networks and protect their data. With regard to the MSS
hackers, the TTPs indicate they were particularly reckless in their
approach: indiscriminately scanning the Internet to find vulnerable
servers, then installing scripts and/or webshells and enabling
remote administrative control of such servers by the
hackers. Businesses are encouraged to review these TTPs and
analyze whether their environments are susceptible to these
approaches.