National Cyber Security Centre
UK and allies hold Chinese state responsible for pervasive pattern of hacking
Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.
The UK has revealed that Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.
The National Cyber Security Centre – which is a part of GCHQ – assessed that it was highly likely that a group known as HAFNIUM, which is associated with the Chinese state, was responsible for the activity.
The attacks took place in early 2021 and open-source reporting indicates that at least 30,000 organisations have been compromised in the US alone, with many more affected worldwide. As part of a cross-Government response, the NCSC issued tailored advice to over 70 affected organisations to enable them successfully to mitigate the effects of the compromise.
NCSC Director of Operations Paul Chichester said:
“The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace.
“This kind of behaviour is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it.
“It is vital that all organisations continue to promptly apply security updates and report any suspected compromises to the NCSC via our website.”
The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities, and any organisations which have yet to install security updates released for Microsoft Exchange servers should do so. More information can be found on Microsoft’s website.
The attack on Microsoft Exchange software was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property.
It is the most significant and widespread cyber intrusion against the UK and allies uncovered to date.
The UK is also attributing the Chinese Ministry of State Security as being behind activity known in open source as “APT40” and “APT31”.
Activity relating to APT40 included the targeting of maritime industries and naval defence contractors in the US and Europe, and for APT31 the targeting of government entities, including the Finnish parliament in 2020.