The British government on Monday held the Chinese government responsible for a spate of cyberattacks against an international computer network, urging Beijing to take responsibility for such actions.
Earlier this year, Chinese state-sponsored hackers allegedly gained access to computer networks across the world by the use of Microsoft Exchange servers. Up to 30,000 organizations were compromised in the US with many more affected across the world.
“The cyberattack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held [to] account if it does not,” Foreign Secretary Dominic Raab said in a statement.
“The UK is also attributing the Chinese Ministry of State Security as being behind activity known by cyber security experts as ‘APT40’ and ‘APT31’. Widespread, credible evidence demonstrates that sustained, irresponsible cyber activity emanating from China continues,” a separate statement from the Foreign Ministry said.
The cyberattack enabled large-scale espionage, which included the acquisition of personal and highly confidential information and intellectual property.
The UK’s National Cyber Security Centre (NCSC), however, was quick to confront the attack and Microsoft released a statement in March reassuring users that 92% of customers had been able to “patch against the vulnerability.”
London has called on Beijing to reaffirm its commitment made to the UK in 2015 as part of the G20 agreement to not conduct or support cyber-enabled theft of intellectual property or trade secrets.
“The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace. This kind of behaviour is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it,” said NCSC Director of Operations Paul Chichester.
“It is vital that all organisations continue to promptly apply security updates and report any suspected compromises to the NCSC via our website.”
NATO has also condemned alleged Chinese cyber activities “designed to destabilize and harm Euro-Atlantic security and disrupt the daily lives of our citizens.”