The U.S. government and allies, including the U.K., European Union and NATO, have attributed the Microsoft Exchange Server (MSS) and other malicious cyber activities to threat actors with ties to China’s ministry of state security.
Cyber actors linked to China’s MSS used zero day vulnerabilities in Exchange Server to perform “cyber espionage operations,” the White House said Monday.
The Biden administration exposed China’s use of contract hackers to carry out ransomware attacks, cryptojacking and other unsanctioned cyber operations worldwide for financial gain.
The White House said the Department of Justice (DOJ) filed criminal charges against four hackers linked to MSS for their alleged involvement in a multiyear cyber campaign against foreign entities and governments in defense, maritime, aviation, health care and education sectors.
The current administration also cited efforts to improve the U.S. government’s cyber defenses in response to the Microsoft Exchange incident disclosed in March, such as launching proactive network defense actions, including private companies in the Cyber Unified Coordination Group to address vulnerabilities, funding five cyber modernization efforts across the government and working with the private sector to address cyber vulnerabilities facing critical infrastructure.
The FBI, National Security Agency (NSA) and Cybersecurity and Infrastructure Agency (CISA) issued a new advisory Monday to shed light on additional Chinese state-sponsored cyber techniques used to compromise U.S. and allied networks.