China slams 'groundless' allegations of Microsoft hack

US accuses Beijing of massive cyberattack on Microsoft, rallies allies in condemnation

Published: 08:20 AM, 20 Jul, 2021
China slams 'groundless' allegations of Microsoft hack
Caption: File photo.
Stay tuned with 24 News HD Android App
Get it on Google Play

Chinese authorities on Tuesday denied carrying out a massive hack of key Microsoft servers, describing US allies' allegations as "groundless" and "irresponsible".

The United States and several allies have publicly accused China of hacking Microsoft Exchange -- an email platform used by corporations around the world.

In China's first official response, embassies in Australia and New Zealand issued fiery statements of denial. 

The Chinese embassy in Wellington described the allegations as "totally groundless and irresponsible" and a "malicious smear". 

The embassy in Canberra accused Australia of "parroting" US rhetoric and described Washington as "the world champion of malicious cyberattacks". 

President Joe Biden's administration has accused China of fostering an "ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain".

Attribution of sophisticated cyberattacks is both technically difficult and politically fraught -- so the rare decision by US allies to publicly blame China had been expected to bring a sharp response.

"Given the virtual nature of cyberspace, one must have clear evidence when investigating and identifying cyber-related incidents," the Chinese embassy in New Zealand said.

Earlier, the United States has accused Beijing of carrying out a massive hack of Microsoft and charged four Chinese nationals as it rallied allies in rare joint condemnation of "malicious" cyber activity from China.

In comments likely to further strain worsening relations between Washington and Beijing, US Secretary of State Antony Blinken said that the March hack of Microsoft Exchange, a top email server for corporations around the world, was part of a "pattern of irresponsible, disruptive and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security."

China's Ministry of State Security, or MSS, "has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain," Blinken said in a statement.

In a simultaneous announcement, the US Department of Justice said four Chinese nationals had been charged with hacking the computers of dozens of companies, universities and government bodies in the United States and abroad between 2011 and 2018.

Pointing to the indictment, Blinken said the United States "will impose consequences on (Chinese) malicious cyber actors for their irresponsible behavior in cyberspace."

President Joe Biden told reporters the United States was still completing an investigation before taking any countermeasures and drew parallels with the murky but prolific cybercrime attributed by Western officials to Russia. 

"The Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it, and maybe even accommodating them being able to do it," Biden told reporters.

- NATO solidarity -

Biden, like his predecessor Donald Trump, has ramped up pressure on China, seeing the rising Asian power's increasingly assertive moves at home and abroad as the main long-term threat to the United States.

In a step that the Biden administration hailed as unprecedented, the United States coordinated its statement Monday with allies -- the European Union, Britain, Australia, Canada, New Zealand, Japan and NATO.

"The cyberattack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behavior," British Foreign Secretary Dominic Raab said.

NATO issued a statement condemning malicious cyber activity and offering "solidarity" over the Microsoft hacking without directly assigning blame, while noting that allies United States, Britain and Canada found China to be responsible.

State Department spokesman Ned Price said it was the first time that NATO -- the Western military alliance whose members include Hungary and Turkey, which have comparatively cordial relations with Beijing -- has condemned cyber activity from China.

It comes weeks after NATO took up China at a summit attended by Biden.

"We know we'll be stronger, we know we'll be more effective when we act collectively," Price said, saying the United States was not ruling out further action.

Biden has promised a strategy driven by alliances to face Beijing, drawing a contrast with Trump's predilection for harsh rhetoric.

- Billions seen lost -

Frank Cilluffo, director of Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security, praised the "breadth and depth of international cooperation" in clearly attributing responsibility to China.

"In addition to the indictments, we need to follow through to ensure there are consequences to induce changes in the Chinese government's behavior and hopefully move toward leveling the cyber playing field," he said.

The Microsoft hack, which exploited flaws in the Microsoft Exchange service, affected at least 30,000 US organizations including local governments as well as organizations worldwide.

"Responsible states do not indiscriminately compromise global network security nor knowingly harbor cyber criminals -- let alone sponsor or collaborate with them," Blinken said in his statement.

"These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts, all while the MSS had them on its payroll."

Accusations of cyberattacks against the United States have recently focused on Russia, rather than China.

US officials say that many of the attacks originate in Russia, although they have debated to what extent there is state involvement. Russia denies responsibility.

This year has seen a slew of prominent ransomware strikes that have disrupted a major US pipeline, a meat processor and the software firm Kaseya, which affected 1,500 businesses.

Last week, Washington offered $10 million for information about foreign online extortionists.


Agence France-Presse is an international news agency.