Exchange hacks: Aus accuses China of malicious cyber attacks

Australia has joined international partners in expressing “serious concerns about malicious cyber activities by China’s Ministry of State Security”.

“In consultation with our partners, the Australian Government has determined that China’s Ministry of State Security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia.

“These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain.”

The Australian Government said it is “also seriously concerned about reports from our international partners that China’s Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese Government”.

The White House, in a statement, said that US is “deeply concerned that the PRC has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit”.

“As detailed in public charging documents unsealed in October 2018 and July and September 2020, hackers with a history of working for the PRC Ministry of State Security (MSS) have engaged in ransomware attacks, cyber-enabled extortion, crypto-jacking, and rank theft from victims around the world, all for financial gain,” the statement said.

The statement further said that in some cases the US is aware that “PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars”.

“The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts.”

The Australia Government called on all countries — including China — to act responsibly in cyberspace. “China must adhere to the commitments it has made in the G20, and bilaterally, to refrain from cyber-enabled theft of intellectual property, trade secrets and confidential business information with the intent of obtaining competitive advantage.”

Image credit: ©stock.adobe.com/au/Glebstock