Connect with us

Hi, what are you looking for?



U.S., Allies Officially Accuse China of Microsoft Exchange Attacks

U.S. Charges Four Alleged Members of Chinese Hacking Group APT40

The United States and its allies have officially attributed the Microsoft Exchange server attacks disclosed in early March to hackers affiliated with the Chinese government.

U.S. Charges Four Alleged Members of Chinese Hacking Group APT40

The United States and its allies have officially attributed the Microsoft Exchange server attacks disclosed in early March to hackers affiliated with the Chinese government.

China on Monday was accused by the United States, the European Union, NATO, the United Kingdom, Canada, Australia, New Zealand and Japan of conducting malicious cyber activity.

In a statement, the White House accused China of using “criminal contract hackers” to conduct cyber operations. These threat actors allegedly carried out cyberattacks for their own personal gain, including activities involving ransomware, cryptojacking, and cyber-enabled extortion.

The White House has also attributed — “with a high degree of confidence” — the initial Microsoft Exchange attacks to hackers affiliated with China’s Ministry of State Security (MSS).

Multiple threat groups have exploited the Microsoft Exchange vulnerabilities disclosed in early March. However, when Microsoft first warned of the zero-day exploits, it attributed them to a China-linked threat actor named HAFNIUM.

A statement issued by the UK’s National Cyber Security Centre (NCSC) on Monday said the agency is “almost certain” that the threat actors tracked as HAFNIUM, APT40 (TEMP.Periscope, TEMP.Jumper. Leviathan), and APT31 (Judgement Panda, Zirconium, Red Keres) are linked to the Chinese government.

NSA, FBI and CISA release advisory on Chinese state-sponsored cyber operations

Advertisement. Scroll to continue reading.

The NSA, FBI and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on Monday released an advisory detailing more than 50 tactics, techniques and procedures (TTPs) used by Chinese state-sponsored threat actors in their attacks.

The 30-page advisory describes the TTPs used by the hackers, but also includes recommendations for detection and mitigation, as well as defensive tactics and techniques.

“Chinese state-sponsored cyber activity poses a major threat to U.S. and allied systems. These actors aggressively target political, economic, military, educational, and critical infrastructure personnel and organizations to access valuable, sensitive data. These cyber operations support China’s long-term economic and military objectives,” the agencies said.

US charges four Chinese hackers

The U.S. Justice Department on Monday announced criminal charges against four individuals who allegedly hacked into the systems of dozens of government organizations, companies and universities around the world between 2011 and 2018.

“The indictment … alleges that much of the conspiracy’s theft was focused on information that was of significant economic benefit to China’s companies and commercial sectors, including information that would allow the circumvention of lengthy and resource-intensive research and development processes,” the DoJ said.

Three of the defendants are said to be officers in a provincial arm of the MSS and one was an employee of a front company that was used to obfuscate the government’s role in the hacking campaigns.

The defendants are Ding Xiaoyang, Cheng Qingmin, Zhu Yunmin and Wu Shurong. They have been charged with conspiracy to commit computer fraud and conspiracy to commit economic espionage.

Chinese hackers of APT40 - wanted

The activity allegedly conducted by these individuals has been linked to the threat group tracked as APT40.

Over the past years, the U.S. has charged several individuals over their alleged role in hacking operations conducted by the Chinese government, including attacks aimed at COVID-19 vaccine makers and the credit reporting agency Equifax. Members of the group tracked as APT41 have also been charged.

Related: ‘Five Eyes’ Nations Blame China for APT10 Attacks

Related: More Countries Officially Blame Russia for SolarWinds Attack

Related: UK, US, Canada Accuse Russia of Hacking Virus Vaccine Trials

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...