Site navigation

UK Accuses China of “Cyber Sabotage” for Role in Microsoft Exchange Attack

Ross Kelly


Microsoft Exchange
Foreign Secretary Dominic Raab described the attack as a “reckless but familiar pattern of behaviour”.

A coalition of governments has accused China of enabling “systematic cyber sabotage” and called on the country’s regime to cease malicious cyber activities.

Alongside international partners, the UK Government today (19th July) claimed that Chinese state-backed hackers were responsible for the Microsoft Exchange attacks earlier this year.

The Microsoft Exchange attacks affected more than a quarter of a million servers worldwide and disrupted tens of thousands of businesses.

At the time, the National Cyber Security Centre (NCSC) was forced to issue advice to more than 70 affected UK organisations and assist them in mitigating the effects of the attack.

According to Microsoft, by end of March 92% of customers had patched against the vulnerability.

In its statement, the UK Government claimed the attack intended to enable “large-scale espionage” which included the theft of intellectual property and personally identifiable information (PII).

An official investigation by the NCSC found that the Microsoft Exchange compromise was “initiated and exploited” by a Chinese state-backed threat actor known as ‘HAFNIUM’.

“NCSC judge it highly likely that HAFNIUM is associated with the Chinese state,” the centre said.

Reckless behaviour

Foreign Secretary Dominic Raab said the attack highlighted a “reckless but familiar pattern of behaviour” and issued a warning to the Chinese regime.

He said: “The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not.”

In a statement issued separately, a representative for the European Union said: “The EU and its Member States strongly denounce these malicious cyber activities, which are undertaken in contradiction with the norms of responsible state behaviour as endorsed by all UN Member States.

“We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation.”

Repeated warnings from western governments appear to have been disregarded by Chinese authorities, however. In recent months, state-backed actors have increased both the scale and severity of attacks.


The UK is also attributing Chinese security services as being behind activity known as “APT40” and “APT31”.

To date, APT40 activities have included the targeting maritime industries and naval defence contractors in the US and Europe.

Similarly, APT31 is believed to be responsible for the targeting of government entities, including the Finnish parliament in 2020.

NCSC Director of Operations Paul Chichester commented: “The attack on Microsoft Exchange servers is another serious example of a malicious act by Chinese state-backed actors in cyberspace.

“This kind of behaviour is completely unacceptable, and alongside our partners we will not hesitate to call it out when we see it.”

Ross Kelly

Staff Writer

Latest News

%d bloggers like this: