'Groundless' Claims: China Rejects US Accusation of Cyberattack on Microsoft

The United States on Sunday, 18 July, accused China of carrying out a cyber-attack on Microsoft’s Exchange email server software, which made thousands of computers compromised, giving hackers access to gain sensitive data.

The Department of Justice, on Monday, announced that a Federal Grand Jury in May had indicted Chinese nationals who were accused of breaking into computer systems belonging to US companies, universities and governments, with official sanction from Beijing.

Believed to have begun in January, the cyberattack on Microsoft affected the computers with a malware in order to keep surveillance of local and state governments and some military contractors, NPR reported.

Group of Countries Condemn the Attack

US would be joined by the European Union (EU), the United Kingdom, Australia, Canada, New Zealand, Japan and NATO in condemning Beijing's Ministry of State Security (MSS) for the cyberattacks, an official was reported as saying.

Following which, EU policy chief Josep Borrell said on Monday, that the hacking was "conducted from the territory of China for the purpose of intellectual property theft and espionage," NPR reported.

In a tweet, NATO Secretary General Jens Stoltenberg said that the alliance "stands in solidarity with all those affected by malicious cyber activities, including the Microsoft Exchange Server compromise. We call on all states, including China, to uphold their international obligations & act responsibly."

China’s Response:

On Monday, joining the group of countries including the UK, US and Australia, New Zealand blamed Chinese state-sponsored actors for "malicious cyber activity" in the country.

Rejecting such claims, the Chinese Embassy in Wellington called the accusations "groundless and irresponsible". The embassy further said in a statement, “The Chinese government is a staunch defender of cyber security. Making accusations without proof is malicious,” BBC reported.

The Chinese embassy in Australia said the same, describing Washington as "the world champion of malicious cyber attacks".

Contract Hackers Hired: US

The Joe Biden administration official asserted that China's MSS employed criminal contract hackers "to conduct unsanctioned cyber operations globally, including for their own personal profit."

The official was further quoted as saying, "Their operations include criminal activities, such as cyber-enabled extortion, crypto-jacking and theft from victims around the world for financial gain. In some cases, we're aware of reports that PRC government-affiliated cyber operators have conducted ransomware operations against private companies that have included ransom demands of millions of dollars."

Meanwhile, though China is being publicly called out, no sanctions have been imposed on the country.

Indictment of Four Chinese Nationals

The Department of Justice had said in a statement on Monday, that the four Chinese nationals were indicted with "a campaign to hack into the computer systems of dozens of victim companies, universities and government entities in the United States and abroad between 2011 and 2018."

The indictment alleges a conspiracy to steal data with a "significant economic benefit to China's companies and commercial sectors, including information that would allow the circumvention of lengthy and resource-intensive research and development processes," NPR reported.

Meanwhile, the FBI, National Security Agency and the US Cybersecurity and Infrastructure Security Agency issued a joint advisory on Monday, advising government agencies and businesses on how to protect themselves from attacks.

(With inputs from NPR and BBC)