The UK government has announced that they and its allies overseas are inculpating China for the cyber-attack experienced by Microsoft earlier in the year.
The government has proclaimed that the Microsoft cyber-attack, which took place in early 2021, was the work of Chinese state-backed actors who unlawfully gained access to computer networks worldwide by hacking Microsoft Exchange servers, an act that affected over 250,000 servers globally.
Dominic Raab, the UK Foreign Secretary, said: “The cyber-attack on Microsoft Exchange Servers by Chinese state-backed groups was a reckless but familiar pattern of behaviour.
“The Chinese Government must end this systematic cyber sabotage and can expect to be held accountable if it does not.” It is believed that the Microsoft cyber-attack was highly likely to facilitate espionage, such as obtaining personally identifiable information and intellectual property. When the Cyber-attack occurred, the UK government assisted in providing advice and recommended actions to people affected by the breach, with Microsoft later announcing that as of late March, 92% of customers had been patched against the vulnerability.
Additionally, the UK is attributing the Chinese Ministry of State Security as culpable for being behind the activity known to cybersecurity experts as APT40 and APT31. APT40 is understood to target naval defence and maritime industries in Europe and the US. Since 2020, APT31 has targeted political figures, governmental organisations, and service providers.
The UK has stated that they have concrete, credible evidence of cyber activity originating from China. The international community urges them to take liability for their actions and respect personal data, democratic institutions, and commercial interests instead of allowing the matter to exacerbate further.
The UK is urging China to confirm its allegiance as part of the G20 not to be complicit in supporting cyber-enabled theft of intellectual property of trade secrets.