The U.S. Blames China for MS Exchange Attacks and Names 4 Members of APT 40

  • The United States has made an official attribution for the MS Exchange zero-day attacks, and the finger points to Chinese hackers.
  • Four individuals who had set up a shell company to hide their connection with the Chinese state have been charged by the U.S. DoJ.
  • Relations between the two countries keep deteriorating, with one round of sanctions and counter-sanctions following another.

The United States has released an official statement on the White House page, blaming hackers affiliated with the People’s Republic of China (PRC) for the mass exploitation of zero-day flaws in Microsoft Exchange Server earlier this year. We already knew from Microsoft’s own threat intelligence reports that a group it tracks as “HAFNIUM” was involved, but this official confirmation seals the attribution. As the announcement details, the United States worked together with allies and partners in the EU, the UK, and NATO, which collectively attributed the attacks to PRC-backed actors with a high degree of confidence.

At the same time, today, the U.S. Department of Justice (DoJ) has identified and charged four Chinese nationals it links to the APT 40 hacking group. The defendants are Ding Xiaoyang (丁晓阳), Cheng Qingmin (程庆民), Zhu Yunmin (朱允敏), and Wu Shurong (吴淑荣), and the charges they face include conspiracy to commit computer fraud and conspiracy to commit economic espionage. Combined, these counts could incur a maximum of 20 years in prison, but it is unlikely that the American authorities will ever have a chance to arrest the four men.

Source: FBI

According to the indictment, the four defendants worked for China’s Ministry of State Security and established a front company named Hainan Xiandun Technology Development Co., Ltd., so that their operations appeared to originate from a private firm, obfuscating the involvement of the Chinese state. The group allegedly stole trade secrets and confidential business information from leading companies in the U.S. and a dozen other countries, targeting research on aviation and aerospace, autonomous vehicles, specialty chemical formulas, cutting-edge drugs, submersibles, and more.

Acting U.S. Attorney Randy Grossman for the Southern District of California has stated:

This indictment alleges a worldwide hacking and economic espionage campaign led by the government of China. The defendants include foreign intelligence officials who orchestrated the alleged offenses, and the indictment demonstrates how China’s government made a deliberate choice to cheat and steal instead of innovating. These offenses threaten our economy and national security, and this prosecution reflects the Department of Justice’s commitment and ability to hold individuals and nations accountable for stealing the ideas and intellectual achievements of our nation’s best and brightest people.

Even though the Biden administration has lately been occupied with Russian state-supported cyber-threats, this latest announcement comes as a reminder that the trouble has more than one source and that China remains a big headache for IT and security teams around the globe.

Relations between the two countries are at their coldest point in years: on Friday the U.S. issued an advisory warning American businesses about the risks of operating in Hong Kong and sanctioned seven Chinese officials from the Hong Kong Liaison Office. The Chinese state answered by promising strong countermeasures, which are expected to be made public later this week.
