
Australia joins US, UK and EU in saying China was behind the global Microsoft email hack

July 20, 2021
The Australian government has accused China’s Ministry of State Security of being behind a global hack of Microsoft’s Exchange email system earlier this year.

The announcement, released by Foreign Affairs Minister Senator Marise Payne late on Monday night, alongside Home Affairs Minister Karen Andrews and Defence Minister Peter Dutton, coincides with similar findings announced by leading Western nations, including the Biden administration in the US.

Australia’s backing of the findings against China by the European Union, NATO and US will undoubtedly exacerbate the already strained relationship with the nation’s largest trading partner, but then the coordinated global condemnation of China is an unusual move by several countries normally reluctant to criticise the Asian superpower.

“In consultation with our partners, the Australian Government has determined that China’s Ministry of State Security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia,” Senator Payne’s statement said.

“These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain.”

A global wave of data breaches and cyberattacks exploiting a vulnerability in the Microsoft Exchange Server system gave the hackers access to passwords, emails, admin privileges on servers and access to any devices connected to a network until the software giant released a patch in early March. An estimated 250,000 servers were compromised, from governments and financial markets to small businesses.


Paid hacking for profit

A White House statement released alongside the Australian statement accused China of paying criminal contract hackers to conduct large-scale hackings, including ransomware attacks and crypto-jacking, for personal profit.

“We are aware that PRC (People’s Republic of China) government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars,” the White House statement said.

“The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts.”

The US Department of Justice (DoJ) revealed an indictment it filed in May with criminal charges against four PRC Ministry of State Security (MSS) hackers over “a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare in at least a dozen countries”.

The DoJ says the hackers pursued the theft of Ebola virus vaccine research, demonstrating that the PRC’s theft of intellectual property, trade secrets, and confidential business information extends to critical public health information.

The Biden administration said it has raised its concerns about both the Microsoft hack and China’s broader malicious cyber activity with senior PRC Government officials.

Secretary of State Antony Blinken said China’s Ministry of State Security “fostered an ecosystem of criminal contract hackers” for state-sponsored activities and cybercrime.

“These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll,” he said.

Meanwhile, Australia has now publicly attributed malicious cyber activity to North Korea, Russia, China and Iran over the last four years, including the SolarWinds attack over summer, attributed to Russia.

“Australia calls on all countries – including China – to act responsibly in cyberspace,” Senator Payne’s statement said.

“China must adhere to the commitments it has made in the G20, and bilaterally, to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage.”

