Early this year, a series of flaws in stand-alone installations of Microsoft Exchange server has seen several hundreds of thousands of installations of Exchange Server being compromised by Chinese hacker group Hafnium. Today, US government blamed Chinese government for exploiting the security vulnerabilities in Exchange server.
Before Microsoft released its security updates, MSS-affiliated cyber operators exploited these vulnerabilities to compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims.
We have raised our concerns about both this incident and the People’s Republic of China’s (PRC) broader malicious cyber activity with senior PRC Government officials, making clear that the PRC’s actions threaten security, confidence, and stability in cyberspace.
Also, the National Security Agency, the Cybersecurity and Infrastructure Agency, and the Federal Bureau of Investigation have released a cybersecurity advisory to detail additional PRC state-sponsored cyber techniques used to target U.S. and allied networks, including those used when targeting the Exchange Server vulnerabilities. US government is exposing the PRC’s malicious activity to keep everyone informed about cybersecurity risks.