China says Microsoft hack allegation ‘a smear’

China rejected accusations by the US, Britain and their allies that people linked to the Asian nation’s government were behind the Microsoft Exchange hack and other “malicious cyber activities”.

“The US ganged up with its allies and launched an unwarranted accusation against China on cybersecurity,” foreign ministry spokesperson Zhao Lijian said Tuesday at a regular briefing in Beijing. “It is purely a smear and suppression out of political motives. China will never accept this.”

Zhao added that the details released by the US “do not constitute a complete chain of evidence. In fact, the US is the largest source of cyberattacks in the world.”

The group of nations said the Chinese government was the mastermind behind a series of malicious ransomware, data theft and cyber-espionage attacks against public and private entities, including the extensive Microsoft Exchange hack earlier this year.

The accusations added to tensions between China and the US over issues from policies in the western region of Xinjiang and Hong Kong to the origins of the coronavirus. The Biden administration warned investors last week about the risks of doing business in the Asian financial hub, issuing an advisory that China’s push to exert more control over the city threatens the rule of law and endangers employees and data.

“The Chinese government must end this systematic cyber-sabotage and can expect to be held account if it does not,” UK foreign secretary Dominic Raab said in a statement.

US President Joe Biden told reporters at the White House on Monday that the investigation isn’t finished, but that the Chinese government bears responsibility. His administration said that it was joining with European nations to expose the scale of China’s activity and will take steps to counter it.

The group of nations attributing the attack to China includes Australia, Canada, New Zealand, Japan and Nato, marking the first condemnation by the North American-European alliance on China’s cyber-activities, according to a senior Biden administration official.

“Under US encouragement, Nato has made cyberspace a new battlefield,” Zhao said. “The introduction of the military alliance into cyberspace, not only does little to achieve one’s own security, but may instead provoke a cyber arms race and enhance the risk of friction and disputes in cyberspace, and may undermine international peace and security.”

As part of the announcement, the US National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI gave details of  more than 50 tactics Chinese state-sponsored cyber-hackers used when targeting US and allied networks, including spearphishing emails with malicious attachments, exploitation of public-facing applications and drive-by compromise.

Microsoft welcomed the global effort to attribute the attacks and called for future accountability.

The company has previously attributed the hack to cyber-espionage group Hafnium, which allegedly has ties to the Chinese government. The US’s assessment appears to support Microsoft’s conclusions, attributing the hack to people affiliated with the Ministry of State Security with “a high degree of confidence”.

The attack against Microsoft’s Exchange email servers occurred over two weeks between late February and early March. Microsoft first released software patches on March 2 to fix the critical vulnerabilities exploited in the hack. The attack exposed tens of thousands of victim email systems, including those of healthcare facilities, manufacturers, energy companies, and state and local governments.

Bloomberg News. More stories like this are available on bloomberg.com