China hits back over cyberattack accusations
China has denied any involvement in cyberattacks against worldwide targets, such as the vulnerable Microsoft Exchange on-premise servers. Beijing has instead played the victim card, saying that they have been the victims of cyberattacks.
The Australian Chinese embassy has retaliated by claiming the US is “the world champion of malicious cyberattacks.” and deflected the allegations by highlighting Australia’s attempted phone tapping of Indonesian President Susilo Bambang Yudhoyono in 2013.
“As a victim of cyber attacks, China always firmly opposes cyber attacks and cyber theft in all forms, and calls on countries to advance dialogue and co-operation to safeguard cyber security.”
New Zealand calls out China over "smash-and-grab" cyberattacks
The New Zealand Government’s Minister for Communications Security Bureau (GCSB), Andrew Little, has added to the chorus of global condemnation over China’s “smash-and-grab” state-sponsored cyberattacks against New Zealand interests.
“New Zealand is today joining other countries in strongly condemning this malicious activity undertaken by the Chinese Ministry of State Security – both in New Zealand, and globally,” he said.
The statement aligns with other five eyes nations who have also called out China over the cyberattacks.
Pressure is mounting against China to respond to the accusations however at present there has been no response from Chinese embassies or directly from Beijing.
UK government joins in accusing China of cyberattacks
The UK has joined other five eyes partners to confirm Chinese state-backed actors were responsible for gaining access to computer networks via Microsoft Exchange servers.
The Australian government has taken the unusual step of publicly accusing China of conducting a major cyberattack against Australian government interests and private organizations.
The attacks use a recently discovered vulnerability that left on-premise Microsoft Exchange instances exposed to being exploited worldwide.
The Australian government released a statement expressing “serious concerns about malicious cyber activities by China’s Ministry of State Security.”
“The Australian government is also seriously concerned about reports from our international partners that China’s Ministry of State Security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese government,” it said.
Concerns were also raised that China is hiring “contract hackers” in a concerted effort to ramp up cyberattacks worldwide and gain a competitive commercial advantage through the theft of intellectual property or commercial harm by deploying ransomware.
The statement released was coordinated with the US and Britain, and it is expected that other five eyes nations, such as Canada and New Zealand, will echo the same concerns.
The Cyber Security Herald operates several ‘Honey Pot’ web services. We have observed a sustained increase in the number of cyberattacks on our Honey Pots originating from China, especially with the Microsoft Exchange vulnerability, even though Microsoft has released a patch for this vulnerability.
Senior Australian government ministers said they held serious concerns about the activities and called “on all countries, including China, to act responsibly in cyberspace.”
In consultation with our partners, the Australian government has determined that China’s ministry of state security exploited vulnerabilities in the Microsoft Exchange software to affect thousands of computers and networks worldwide, including in Australia,” the statement said.
“These actions have undermined international stability and security by opening the door to a range of other actors, including cybercriminals, who continue to exploit this vulnerability for illicit gain.”
“The Australian government is also seriously concerned about reports from our international partners that China’s ministry of state security is engaging contract hackers who have carried out cyber-enabled intellectual property theft for personal gain and to provide commercial advantage to the Chinese government,” the Australian ministers said.
UK Foreign Minister Dominic Raab also joined Australia in voicing concerns against China’s actions. “The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour,” Mr Raab said in a statement. “The Chinese Government must end this systematic cyber sabotage and can expect to be held account if it does not.”
The joint statements come as tensions between China and Australia grow amid concerns over the risk of conflict with Taiwan.
The Chinese embassy in Canberra has not yet released a response to the statement. However, they have previously stated that China was “a staunch defender of cybersecurity and one of the biggest victims of hacking.”