Microsoft: Chinese authorities slam ‘groundless’ hacking claims

China has slammed “groundless” claims that it carried out a major cyber-attack against tech giant Microsoft.

A group of Western countries had accused China of hacking Microsoft Exchange – a popular email platform used by companies worldwide.

The joint statement accused the Chinese Ministry of State Security (MSS) of undermining global stability and security.

China has always maintained that it opposes all forms of cyber-crime.

On Monday, New Zealand joined the group of countries including the UK, US and Australia in blaming Chinese state-sponsored actors for “malicious cyber activity” in the country, including the Microsoft attack.

The Chinese Embassy in Wellington called the accusations “groundless and irresponsible”.

“The Chinese government is a staunch defender of cyber security,” said a statement published by the embassy in response to a question from reporters.
“Making accusations without [proof] is malicious.”

The Chinese embassy in Australia echoed these remarks, describing Washington as “the world champion of malicious cyber attacks”.

A scaled-up attack
The Microsoft hack affected at least 30,000 organisations globally.

The Exchange system powers the email of major corporations, small businesses and public bodies worldwide.

Microsoft blamed a Chinese cyber-espionage group for exploiting a vulnerability in Microsoft Exchange – which allowed hackers to remotely access email inboxes.

The group, known as Hafnium, was found by Microsoft’s Threat Intelligence Centre to be state-sponsored and operating out of China.

Western security sources believe Hafnium obtained advance knowledge that Microsoft intended to patch or close the vulnerability, and so shared it with other China-based groups to maximise the benefit before it became obsolete.

“We believe that cyber-operators working under the control of Chinese intelligence learned about the Microsoft vulnerability in early January, and were racing to exploit the vulnerability before [it] was widely identified in the public domain,” a security source told the BBC.

The hack signalled a shift from a targeted espionage campaign to a smash-and-grab raid, leading to concerns Chinese cyber-behaviour is escalating, according to Western security services.

The UK Foreign Office said the Chinese government had “ignored repeated calls to end its reckless campaign, instead of allowing state-backed actors to increase the scale of their attacks and act recklessly when caught”.

The White House said it reserved the right to take additional action against China over its cyber activities.

US President Joe Biden told reporters that the Chinese government may not have been carrying out the attacks themselves, but were ” protecting those who are doing it. And maybe even accommodating them being able to do it.”

The US Department of Justice has also announced criminal charges against four MSS hackers which it said were linked to a long-term campaign targeting foreign governments and entities in key sectors in the least a dozen countries.