Tuesday 20 Jul 2021 @ 14:05
National Cyber Security Centre
Printable version

UK and allies hold Chinese state responsible for pervasive pattern of hacking

Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.

The UK has revealed that Chinese state-backed actors were responsible for gaining access to computer networks around the world via Microsoft Exchange servers.

The National Cyber Security Centre – which is a part of GCHQ – assessed that it was highly likely that a group known as HAFNIUM, which is associated with the Chinese state, was responsible for the activity.

The attacks took place in early 2021 and open-source reporting indicates that at least 30,000 organisations have been compromised in the US alone, with many more affected worldwide. As part of a cross-Government response, the NCSC issued tailored advice to over 70 affected organisations to enable them successfully to mitigate the effects of the compromise.

NCSC Director of Operations Paul Chichester said:

“The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace.

“This kind of behaviour is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it.

“It is vital that all organisations continue to promptly apply security updates and report any suspected compromises to the NCSC via our website.”

The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities, and any organisations which have yet to install security updates released for Microsoft Exchange servers should do so. More information can be found on Microsoft’s website.

The attack on Microsoft Exchange software was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property.

It is the most significant and widespread cyber intrusion against the UK and allies uncovered to date.

The UK is also attributing the Chinese Ministry of State Security as being behind activity known in open source as “APT40” and “APT31”.

Activity relating to APT40 included the targeting maritime industries and naval defence contractors in the US and Europe, and for APT31 the targeting of government entities, including the Finnish parliament in 2020.

Read the UK Foreign Secretary’s statement.

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/news/uk-allies-hold-chinese-state-responsible-for-pervasive-pattern-of-hacking

Share this article

Latest News from
National Cyber Security Centre

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

23/11/2023 16:05:00

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.