U.S., allies blame PRC for Microsoft hack


The United States and Western allies formally blamed the People’s Republic of China (PRC) in July 2021 for a massive hack of Microsoft Exchange email server software and asserted that criminal hackers associated with the Chinese government have carried out ransomware and other illicit cyber operations.

The announcements were intended as a condemnation of activities a senior U.S. official described as part of a “pattern of irresponsible behavior in cyberspace.” They highlighted the ongoing threat from Chinese hackers even as the U.S. continues its efforts to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure.

The broad range of cyber threats from Beijing disclosed by U.S. officials included a ransomware attack from government-affiliated hackers that targeted victims — including in the U.S. — with demands for millions of dollars. U.S. officials also alleged that criminal contract hackers associated with the PRC’s Ministry of State Security have engaged in cyber extortion schemes and theft for their own profit.

Meanwhile, the U.S. Department of Justice announced charges against four Chinese nationals accused of working with Chinese government officials in a hacking campaign that targeted dozens of computer systems, including companies, universities and government entities. The defendants are accused of targeting trade secrets and confidential business information, including scientific technologies and infectious-disease research.

Although no sanctions against Beijing were announced, U.S. President Joe Biden told reporters that “the investigation’s not finished.” White House press secretary Jen Psaki did not rule out consequences for the PRC, saying, “This is not the conclusion of our efforts as it relates to cyber activities with China or Russia.” (Pictured: A man stands outside the Microsoft office building in Beijing in July 2021.)

A week before the U.S. called out the PRC for its cyber activities, it issued separate stark warnings against transactions with entities that operate in China’s western Xinjiang region, where the PRC is accused of repressing Uyghur Muslims and other minorities.

It also advised U.S. firms of the deteriorating investment and commercial environment in Hong Kong, where the PRC has been cracking down on democratic freedoms it had pledged to respect in the former British colony.

The European Union and the United Kingdom were among the allies who called out the PRC. The EU said malicious cyber activities with “significant effects” that targeted government institutions, political organizations and key industries in the bloc’s 27 member states could be linked to Chinese hacking groups. The U.K.’s National Cyber Security Centre said the groups targeted maritime industries and naval defense contractors in the U.S. and Europe, as well as Finland’s Parliament.

In a statement, EU foreign policy chief Josep Borrell said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage.”

The Microsoft Exchange cyberattack “by Chinese state-backed groups was a reckless but familiar pattern of behavior,” U.K. Foreign Secretary Dominic Raab said.

NATO, in its first public condemnation of the PRC for hacking activities, called on Beijing to uphold its international commitments and obligations “and to act responsibly in the international system, including in cyberspace.” The alliance said it was determined to “actively deter, defend against and counter the full spectrum of cyber threats.”