The big picture: The Biden Administration issued a statement claiming "with a high degree of confidence" that China exploited the Microsoft Exchange vulnerabilities to acquire confidential information for gain. The White House has already confronted the Chinese Government about this and other related malicious cyber activity, pointing out how these actions undermine confidence and stability in cyberspace.
In early March, Microsoft Exchange vulnerabilities exposed over 30,000 government and commercial organizations in the US to unauthorized access. These vulnerabilities were exploited by "at least 10 hacker groups," allowing them to control servers remotely via a web browser. By late March, most Microsoft Exchange Servers were patched against these vulnerabilities.
According to the Biden Administration, hackers from China's Ministry of State Security (MSS) exploited the Exchange Server vulnerabilities to engage in ransomware attacks, cyber-enabled extortion, crypto-jacking, and rank theft from victims worldwide. This caused billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts.
The White House's statement is backed by allies and partners of the US, including the European Union, the United Kingdom, and NATO. Besides the White House, the US Department of Justice also indicated that four individuals working for China's MSS were charged with attacking multiple entities and organizations between 2011 and 2018, targeting the aviation, defense, education, government, health care, biopharmaceutical and maritime industries, among others.
Figure: Timeline of important events, from when the vulnerabilities were first discovered up to when mass exploitation began.
The UK's National Cyber Security Centre (NCSC) and the Council of the European Union also issued statements denouncing China's malicious cyber activities and backing the US's position against these attacks.
In response to the attacks exploiting Microsoft Exchange vulnerabilities, the US will be strengthening the USG's cyber defenses. First steps include making sure that cyber actors can't access public and private networks anymore and adding private companies to the US Government's new model for cyber incident response.
CISA, NSA, and FBI are also releasing a "cybersecurity advisory" detailing cyber techniques used by China-sponsored hackers to target US and allied networks, including those used to exploit the Exchange Server vulnerabilities.
To further protect Federal networks and improve the US's cybersecurity, the Biden Administration funded the Federal government to modernize its network defenses, implemented President Biden's Executive Order, and issued a directive to oblige critical pipeline companies to meet cybersecurity standards.