Canada, allies accuse China of widespread malicious cyber activity

Canada, other members of the Five Eyes Intelligence Co-operative and members of NATO today accused China of malicious cyber activity, including responsibility for a Microsoft Exchange Server compromise discovered earlier this year.

"Today Canada along with its allies identified state-backed actors of the People's Republic of China (PRC) for their unprecedented and indiscriminate exploitation of Microsoft Exchange Server," said a statement by Foreign Minister Mark Garnew, Defense Minister Harjit Sajjan and Public Security. Has been doing." Minister Bill Blair.

“In early March 2021, Microsoft disclosed vulnerabilities in its Exchange servers that had been exploited by state actors. This activity put several thousand Canadian entities at risk—a risk that in some cases persists even when patches from Microsoft have been applied. Globally, an estimated 400,000 servers have been affected.

"Canada believes that the Ministry of State Security (MSS) of the PRC is responsible for the widespread compromise of exchange servers."

Separately, the Federal Canadian Center for Cyber Security released an update to its 2019 Cyber Threats to Canada Democratic Process Report. Among other things, the update says that democratic processes remain a popular target for cyber attackers. After increasing from 2015 to 2017, the proportion of democratic processes targeted by cyber threat actors has remained relatively stable since 2017. “From 2015 to 2020, we believe that the vast majority of cyber threat activity affecting democratic processes can be attributed to state-sponsored cyberbullying actors. These actors are responsible for their strategic objectives (i.e., political, economic). and geopolitical) in pursuit of democratic processes."

American response

A statement from the White House this morning said, "We are aware that cyber operators affiliated with the PRC government have conducted ransomware operations against private companies, including ransom demands of millions of dollars. PRC [People's Republic of China] ] Contract hackers' reluctance to address criminal activity causes governments, businesses and critical infrastructure operators billions of dollars in damage through lost intellectual property, proprietary information, ransom payments and mitigation efforts.

At the same time the US Department of Justice announced criminal charges against four members of China's Ministry of State Security for an alleged multi-year campaign targeting foreign governments and entities in key sectors including the maritime, aviation, defense, education and healthcare. Dozens of countries

US documents backing allegation that these hackers carried out the theft of Ebola virus vaccine research. The government also alleges that China's theft of intellectual property, trade secrets and confidential business information extends to important public health information.

The White House statement said much of the activity alleged in the Justice Department's allegations "contradicts the PRC's bilateral and multilateral commitments to avoid engaging in cyber-enabled theft of intellectual property for commercial gain."

The statement follows President Joe Biden's demands that Russia stop supporting cyberattack groups.

Canada's statement

Canada's statement said several cyber groups in the PRC have participated in Microsoft Exchange operations, including Advanced Persistent Threat Group 40 (APT 40). Mohawk, Leviathan or Mudcarp. “These actors are highly sophisticated and have demonstrated the ability to gain continuous, covert access to Canada and affiliated networks beyond compromising Microsoft Exchange servers.

"APT 40 almost certainly includes elements of the Hainan State Security Department's regional MSS office. The cyber activities of this group have led to significant research in Canada's defence, ocean technologies and biopharmaceutical fields in separate malicious cyber operations in 2017 and 2018. targeted to.

“Canada and its allies stand firm in their unity and solidarity in what they call irresponsible state-sponsored cyber activity. Canada will continue to issue public accusations to make clear to criminals that it has committed malicious cyber attacks against Canada and its allies. Canada will continue to work closely with partners on this important security issue.

“Canada is committed to working with partners to support the open, reliable and secure use of cyberspace and calls on China to act responsibly and stop this pattern of irresponsible and harmful cyberspace behavior. Responsible. Such reckless actions by state actors cannot be accepted and tolerated.

The Canadian Center for Cyber Security has provided guidance on mitigating the ongoing threat posed by Microsoft Exchange Server vulnerabilities. it was the most ntly updated in April.