The UK government has said it holds the Chinese state responsible for a worldwide hack of Microsoft servers earlier this year.

It said that it is joining likeminded partners to confirm its theory that China state-backed actors gained access to computer networks via Microsoft Exchange servers.

The attacks took place in early 2021, affecting over a quarter of a million servers worldwide.

“The cyber-attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour,” said foreign secretary Dominic Raab. “The Chinese Government must end this systematic cyber sabotage and can expect to be held account if it does not.”

The government claimed the attack was highly likely to enable large-scale espionage, including acquiring personally identifiable information and intellectual property.

It said there is widespread, credible evidence that suggests China is carrying out sustained and “irresponsible” cyber activity.

Today the UK is also attributing the Chinese Ministry of State Security as being behind activity known by cyber security experts as “APT40” and “APT31”.

“The Chinese government has ignored repeated calls to end its reckless campaign, instead allowing its state-backed actors to increase the scale of their attacks and act recklessly when caught,” said the government.

“This coordinated action today sees the international community once again urge the Chinese government to take responsibility for its actions and respect the democratic institutions, personal data and commercial interests of those with whom it seeks to partner.”

The UK has called on China to reaffirm the commitment made to the UK in 2015 and as part of the G20 not to conduct or support cyber-enabled theft of intellectual property of trade secrets.

Share Story: