The Chinese State Security Ministry has been found responsible for a number of powerful hacking campaigns

Jul 20, 2021 17:04 GMT

The U.S. and its strongest allies, including the NATO military alliance, the United Kingdom, and the European Union, have explicitly attributed the large-scale cyberattack on Microsoft Exchange servers to state-funded cybercriminal gangs working with China's Ministry of State Security (MSS), according to The Hacker News.

Four previously unidentified vulnerabilities in Exchange software were exploited, and the comprehensive cyber espionage effort is estimated to have affected a minimum of 30,000 US businesses and even more around the world. Microsoft classified the organization behind the breach, Hafnium, as an expert government-supported threat actor.

The National Cyber Security Centre (NCSC) said the cyberattack most likely enabled cybercriminals to obtain intellectual property and personal data, calling it the most widespread and significant cyberattack on the UK and its allies.

The White House issued a statement Monday explaining that cyber espionage operations by threat actors associated with the PRC MSS exploited a zero-day vulnerability in Microsoft Exchange Server that was disclosed in early March 2021. China's Ministry of State Security has also been found responsible for a series of hacking campaigns carried out under the names APT31 and APT40.

The United States Department of Justice has filed criminal proceedings against four APT40 MSS hackers who captured valuable information, trade secrets, and intellectual property in multi-year campaigns by attacking foreign countries as well as aviation, naval, education, health, and defense facilities in at least a dozen countries.

Several significant cyberattacks were carried out by the Chinese state-sponsored cybercriminals 

The state-sponsored cybercriminal gang launched attacks against naval defense companies in Europe and the United States. At the same time, attacks were carried out against the maritime industry and, last year, on the Finnish parliament.

In addition, the NCSC reported that a group known as APT10, acting on behalf of the MSS, has participated in a long-running cybercriminal campaign targeting major service providers to gain access to trade secrets and intellectual property information in Europe, Asia, and the United States.

The European Union has asked Chinese authorities to tackle harmful cyber operations originating from their own territory. It pointed out that the hacking of Microsoft Exchange servers created substantial security difficulties and economic damage for government organizations and private enterprises. The Chinese government has repeatedly rejected any involvement in state-sponsored attacks.