US Accuses China Of Masterminding Ransomware Attacks Worldwide Including Cyberattack On Microsoft Exchange In March


The U.S., NATO, European Union, U.K., Australia, Canada, New Zealand and Japan said that they can now, "with high confidence," attribute the March attack using the Exchange flaw to cyberattackers affiliated with China's state security ministry. That attack crippled thousands of computers around the world.

The U.S., NATO and other allies have accused China of malicious cyberattacks, including a March attack that exploited a flaw in Microsoft's Exchange Server.

In an unprecedented move, the European Union, the United Kingdom, and NATO also joined the United States in condemning the PRC’s malicious cyber activities.

Hackers working for China's Ministry of State Security played a direct role in using ransomware to extort U.S. businesses, the White House said in a statement released today (Jul 19).

"The United States has long been concerned about the People’s Republic of China’s (PRC) irresponsible and destabilizing behavior in cyberspace. Today, the United States and our allies and partners are exposing further details of the PRC’s pattern of malicious cyber activity and taking further action to counter it, as it poses a major threat to U.S. and allies’ economic and national security," a statement released by the White House read.

The U.S. accused China's Ministry of State Security of using contract hackers to conduct the attacks, many of which are being done for profit, including via ransomware.

"PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars. The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts," the statement read.

The US Department of Justice (DOJ) unveiled criminal charges against four MSS (China's Ministry of State Security) hackers for running a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare in at least a dozen countries.

DOJ documents outline how MSS hackers pursued the theft of Ebola virus vaccine research and demonstrate that the PRC’s theft of intellectual property, trade secrets, and confidential business information extends to critical public health information.

The European Council said today (Jul 19) that it stood by the Biden administration's assessment that China was responsible for the Microsoft Exchange hack.

"The compromise and exploitation of the Microsoft Exchange server undermined the security and integrity of thousands of computers and networks worldwide," the Council of the European Union said in a published statement Monday.

"This irresponsible and harmful behaviour resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spill-over and systemic effects for our security, economy and society at large," the statement added.

According to the Biden administration, MSS-affiliated cyber operators exploited these vulnerabilities to compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims. Microsoft later released its security updates to fix the vulnerabilities.

The White House said that the National Security Agency, the Cybersecurity and Infrastructure Agency, and the Federal Bureau of Investigation released a cybersecurity advisory to detail additional Chinese state-sponsored cyber techniques used to target U.S. and allied networks, including those used when targeting the Exchange Server vulnerabilities.