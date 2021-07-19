

US blames China for Exchange server hacks and ransomware attacks

Zack Whittaker

The Biden administration and its allies have formally accused China of the mass-hacking of Microsoft Exchange servers earlier this year, which prompted the FBI to intervene as concerns rose that the hacks could lead to widespread destruction.

The mass-hacking campaign targeted Microsoft Exchange email servers with four previously undiscovered vulnerabilities that allowed the hackers — which Microsoft already attributed to a China-backed group of hackers called Hafnium — to steal email mailboxes and address books from tens of thousands of organizations around the United States.

Microsoft released patches to fix the vulnerabilities, but the patches did not remove any backdoor code left behind by the hackers that might be used again for easy access to a hacked server. That prompted the FBI to secure a first-of-its-kind court order to effectively hack into the remaining hundreds of U.S.-based Exchange servers to remove the backdoor code. Computer incident response teams in countries around the world responded similarly by trying to notify organizations in their countries that were also affected by the attack.

In a statement out Monday, the Biden administration said the attack, launched by hackers backed by China's Ministry of State Security, resulted in "significant remediation costs for its mostly private sector victims."

"We have raised our concerns about both this incident and the [People's Republic of China's] broader malicious cyber activity with senior PRC Government officials, making clear that the PRC's actions threaten security, confidence, and stability in cyberspace," the statement read.

The National Security Agency also released details of the attacks to help network defenders identify potential routes of compromise.

Several allies, including the U.K. and the members of NATO, also backed the Biden administration in its findings. In a statement, the U.K. government found Beijing responsible for a "pervasive pattern" of hacking. The Chinese government has repeatedly denied claims of state-backed or sponsored hacking.

The Biden administration also blamed China's Ministry of State Security for contracting with criminal hackers to conduct unsanctioned operations, like ransomware attacks, "for their own personal profit." The government said it was aware that China-backed hackers have demanded millions of dollars in ransom from hacked companies. Last year, the Justice Department charged two Chinese spies for their role in a global hacking campaign that saw prosecutors accuse the hackers of operating for personal gain.

Although the U.S. has publicly engaged the Kremlin to try to get it to stop giving ransomware gangs safe harbor to operate from within Russia's borders, the U.S. has not previously accused Beijing of launching or being involved with ransomware attacks.

"The PRC's unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts," said Monday's statement.

The statement also said that the China-backed hackers engaged in extortion and cryptojacking, a way of forcing a computer to run code that uses its computing resources to mine cryptocurrency, for financial gain.

The Justice Department also announced fresh charges against four China-backed hackers working for the Ministry of State Security, which U.S. prosecutors said were engaged in efforts to steal intellectual property and infectious disease research into Ebola, HIV and AIDS, and MERS against victims based in the U.S., Norway, Switzerland and the United Kingdom by using a front company to hide their operations.

"The breadth and duration of China’s hacking campaigns, including these efforts targeting a dozen countries across sectors ranging from healthcare and biomedical research to aviation and defense, remind us that no country or industry is safe. Today’s international condemnation shows that the world wants fair rules, where countries invest in innovation, not theft," said deputy attorney general Lisa Monaco.
