US blames China for Microsoft hacking, ransomware attacks as part of global condemnation

The coordinated effort included indictments, a technical report and blame for the Microsoft Exchange Server hack.

The U.S. and its allies on Monday blamed China for exploiting flaws in Microsoft Exchange Server that enabled worldwide ransomware attacks on tens of thousands of victims.

It was part of a multi-front response Monday from the European Union, NATO and U.S. intelligence partners that included the announcement of charges against four Chinese hackers that the Justice Department said worked on behalf of Beijing to breach U.S. companies and institutions over a span of seven years. For the first time, the U.S. government also accused the Chinese government of employing criminal hackers who have conducted criminal attacks.

U.S. government agencies also released a technical report Monday, first reported by CyberScoop, that warned of China’s ongoing appetite for targeting the defense, medical, semiconductor and other industries to steal intellectual property.

“No one action can change China’s behavior in cyberspace and neither can just one country acting on its own,” a senior administration official said Sunday evening. “Hence, these efforts — our cooperation with the EU, NATO, and the Five Eyes countries in this effort — will allow us to enhance and increase information sharing, including cyber threat intel and network defense information with public and private stakeholders, and expand diplomatic engagement to strengthen our collective cyber resilience and security cooperation.”


Microsoft itself attributed the Exchange Server attack to Chinese government hackers in March. The administration official said the delay in the U.S. government action came because the administration wanted to be certain about its attribution and combine it with the technical report release and present an allied front.

The Council of the European Union on Monday released a condemnation of the Microsoft Exchange Server hack, which led to other criminal organizations exploiting the breach.

“This irresponsible and harmful behaviour resulted in security risks and significant economic loss for our government institutions and private companies, and has shown significant spill-over and systemic effects for our security, economy and society at large,” the statement reads. “We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation.”

China has denied responsibility for the Microsoft breach.

The DOJ announced charges against three Chinese men — Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin — whom they said served as officers for an arm of China’s Ministry of State Security and directed a series of separate attacks at a front company, Hainan Xiandun Technology Development Co., Ltd. A fourth indicted man, Wu Shurong, created malware and conducted hacks at the company, the department said.


The operations included targets in a range of industries in the United States, Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom, DOJ said.

“Stolen trade secrets and confidential business information included, among other things, sensitive technologies used for submersibles and autonomous vehicles, specialty chemical formulas, commercial aircraft servicing, proprietary genetic-sequencing technology and data, and foreign information to support China’s efforts to secure contracts for state-owned enterprises within the targeted country (e.g., large-scale high-speed railway development projects),” according to DOJ.
