U.S. blames China for Microsoft exploit, lists a Washington university among separate hack targets

Microsoft CEO Satya Nadella discusses the importance of security at a past Microsoft Build developer conference. (GeekWire File Photo)

The United States and its allies took the extraordinary step of attributing cyberattacks that exploited vulnerabilities in Microsoft’s Exchange Server to hackers affiliated with China’s Ministry of State Security.

In a separate action announced as part of the same statement, the U.S. Justice Department unsealed criminal charges against four people whom it identified as MSS hackers — accusing them of engaging in “a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare in a least a dozen countries.”

That complaint listed among the targets of the attempted hacks “a Washington university with an Applied Physics Laboratory involved in maritime research and development.” GeekWire has contacted the University of Washington, which appears to uniquely fit that description, for further comment.

Both actions are part of a broader attempt by the U.S. and its NATO allies to identify and curb what they describe as China’s “irresponsible state behavior.”

The attribution of the Exchange Server hacks builds on Microsoft’s identification of the hackers in March as the Chinese group Hafnium, which the company described at the time as a “highly skilled and sophisticated actor.”

The attributions made by the U.S. government and its allies Monday morning are “an important and positive step that will contribute to our collective security,” said Tom Burt, Microsoft’s corporate vice president, customer security and trust.

“Attributions like these will help the international community ensure those behind indiscriminate attacks are held accountable,” Burt said. “Transparency is critical if we’re to combat the rising cyberattacks we see across the planet against individuals, organizations and nations.”

The White House said in its statement, “Before Microsoft released its security updates, MSS-affiliated cyber operators exploited these vulnerabilities to compromise tens of thousands of computers and networks worldwide in a massive operation that resulted in significant remediation costs for its mostly private sector victims.”

It added, “We have raised our concerns about both this incident and the PRC’s broader malicious cyber activity with senior PRC Government officials, making clear that the PRC’s actions threaten security, confidence, and stability in cyberspace.”