National Cyber Security Centre
UK and allies hold Chinese state responsible for pervasive pattern of hacking
Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.
The UK has revealed that Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.
The National Cyber Security Centre – which is a part of GCHQ – assessed that it was highly likely that a group known as HAFNIUM, which is associated with the Chinese state, was responsible for the activity.
The attacks took place in early 2021 and open-source reporting indicates that at least 30,000 organisations have been compromised in the US alone, with many more affected worldwide. As part of a cross-Government response, the NCSC issued tailored advice to over 70 affected organisations to enable them successfully to mitigate the effects of the compromise.
NCSC Director of Operations Paul Chichester said:
“The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace.
“This kind of behaviour is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it.
“It is vital that all organisations continue to promptly apply security updates and report any suspected compromises to the NCSC via our website.”
The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities, and any organisations which have yet to install security updates released for Microsoft Exchange servers should do so. More information can be found on Microsoft’s website.
The attack on Microsoft Exchange software was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property.
It is the most significant and widespread cyber intrusion against the UK and allies uncovered to date.
The UK is also attributing activity known in open source as “APT40” and “APT31” to the Chinese Ministry of State Security.
Activity relating to APT40 included the targeting of maritime industries and naval defence contractors in the US and Europe, and for APT31 the targeting of government entities, including the Finnish parliament in 2020.