UK accuses China of carrying out massive Microsoft cyberattack

The UK has accused the Chinese government of being behind a "systematic cyber-sabotage" against Microsoft which affected over a quarter of a million servers.

The attacks, which took place in early 2021, targeted Microsoft Exchange servers and impacted hundreds of thousands of email servers, compromising businesses across the world.

Officials said the attack was highly likely to enable “large-scale espionage”, including acquiring personal information and intellectual property.

Foreign Secretary Dominic Raab said the cyber attack by “Chinese state-backed groups” was part of a “reckless but familiar pattern of behaviour”.

“The Chinese government must end this systematic cyber sabotage and can expect to be held to account if it does not,” he said.

Officials said that at the time of the attack, the UK quickly provided advice and recommended actions to those affected and Microsoft said that by end of March, 92% of customers had patched against the vulnerability.At the same time, the UK released its statement the Biden administration in the US also made a similar accusation.

Both nations said China’s Ministry of State Security has been using criminal contract hackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a senior administration official.

The official briefed reporters about the investigation on the condition of anonymity.

The European Union also blamed China for what it said were malicious cyber activities with “significant effects” that targeted government institutions and political organisations in the EU and its 27 member states, as well as key European industries.The Microsoft Exchange hack was first identified in January and was rapidly attributed to Chinese cyberspies by private sector groups.

After the hack was discovered there was an explosion of infiltrations by other intruders, piggybacking on the initial breach.

• 'I am on Universal Credit now': Victim loses £120,000 to Instagram scam

• Allowing China to host Winter Olympics 2022 akin to 'appeasing Hitler,' say MPs

Victims ran the spectrum of organisations that run email servers, from small businesses to law firms, municipal governments, healthcare providers and manufacturers.

The White House also said it wanted to line up an international coalition of allies to call out China, according to the official, who said it was the first time Nato had condemned Beijing’s hacking operations.A Chinese Foreign Ministry spokesperson, asked about the Microsoft Exchange hack, has previously said that China “firmly opposes and combats cyber attacks and cyber theft in all forms” and cautioned that attribution of cyberattacks should be based on evidence and not “groundless accusations.”