Microsoft Exchange cyberattack carried out by China, says US

Zero-day attack
(Image credit: Shutterstock.com)
Audio player loading…

The US has formally accused China of being behind the cyberattack on Microsoft Exchange servers (opens in new tab) that occurred back in March of this year.

However, the US wasn't alone in its condemnation of China as it was joined by NATO, the European Union and its allies Britain, Australia, Japan, New Zealand and Canada. According to US Secretary of State Antony Blinken, the cyberattack (opens in new tab) posed “a major threat to our economic and national security”.

US President Joe Biden (opens in new tab) provided further insight on the situation to reporters during an event discussing his infrastructure plan, saying:

"My understanding is that the Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it. And maybe even accommodating them being able to do it."

At the same time as the US government called out China for its role in the attacks on Microsoft Exchange servers, the US Department of Justice (opens in new tab) charged four Chinese nationals with (three security officials and one contract hacker) with targeting dozens of companies, universities and government agencies around the world.

Lack of consequences

Back in April of this year, the US government hit Russia with sanctions (opens in new tab) as a result of the country's connections to last December's SolarWinds hack (opens in new tab).

This time around though, the US has called out China, who it believes is either behind or at least supported those responsible for attacking vulnerable Microsoft Exchange servers, though it has not placed sanctions on the country. Cybersecurity experts that spoke with Reuters find the lack of consequences for China over its involvement in the hack concerning.

The US could take further action though as White House Press Secretary Jen Psaki (opens in new tab) said that: "We are not holding back, we are not allowing any economic circumstance or consideration to prevent us from taking actions ... also we reserve the option to take additional action".

While the US has formally accused China's Ministry of State Security (MSS) of being behind the cyberattack, NATO has said that its members “acknowledge” the allegations leveled against China by the US, Canada and the UK.

We'll have to wait and see as to how China responds and whether or not the cybercriminals responsible decide to ramp up their attacks or wind them down following this formal accusation.

Via Reuters (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.