In regards to the cyber attack that took place back in March, the Chinese Communist Party (CCP) has flat out denied any and all involvement in the attack, this comes in spite of Old Uncle Joe’s administration blaming a group of hackers they stated had ties to China for the attack.
“The United States and countries around the world are holding the People’s Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security,” stated Secretary of State Antony Blinken this past Monday.
he then proceeded to single out the Ministry of State Science (MSS) specifically, China’s main intelligence service, stating that they had “fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”
China responded to these accusations by straight-up” calling them “fabricated.”
“The U.S. has mustered its allies to carry out unreasonable criticisms against China on the issue of cybersecurity,” stated foreign ministry spokesman Zhao Lijian to groups of reported, as stated by the BBC.
This past Monday, a spokesperson for the Chinese Embassy situated in Washington issues a statement that stated that the “U.S. has repeatedly made groundless attacks and malicious smear[s] against China on cybersecurity,” and that “This is just another old trick, with nothing new in it.”
back in March, Microsoft first put forth the claim that a group of hackers, that were backed by the Chinese government, were reportedly using the security holes in their common email system that is utilized by numerous American businesses.
“Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks,” stated the tech giant in a blog post. “In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics, and procedures.”
“We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately to protect against these exploits and prevent future abuse across the ecosystem,” the post continued. “This blog also continues our mission to shine a light on malicious actors and elevate awareness of the sophisticated tactics and techniques used to target our customers.”
As reported by Microsoft, “HAFNIUM primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.”
“HAFNIUM has previously compromised victims by exploiting vulnerabilities in internet-facing servers, and has used legitimate open-source frameworks, like Covenant, for command and control. Once they’ve gained access to a victim network, HAFNIUM typically exfiltrates data to file sharing sites like MEGA,” continued the explanation. “In campaigns unrelated to these vulnerabilities, Microsoft has observed HAFNIUM interacting with victim Office 365 tenants. While they are often unsuccessful in compromising customer accounts, this reconnaissance activity helps the adversary identify more details about their targets’ environments.”
“HAFNIUM operates primarily from leased virtual private servers (VPS) in the United States,” concluded the company.