Canada, allies blame China for cyberattack

Canada joined the United States and other allies on Monday in blaming China for a massive cyberattack that compromised tens of thousands of computers around the world earlier this year.

The attack saw hackers exploit weaknesses in Microsoft Exchange email servers, with the federal government estimating 400,000 servers were compromised before the online assault and server vulnerabilities were revealed in March.

“This activity put several thousand Canadian entities at risk — a risk that persists in some cases even when patches from Microsoft have been applied,” Foreign Affairs Minister Marc Garneau, Public Safety Minister Bill Blair and Defence Minister Harjit Sajjan said in the statement.

“Canada is confident that (China’s) Ministry of State Security is responsible for the widespread compromising of the exchange servers.”

Today, Canada joins its allies in identifying People's Republic of China’s state-backed actors for the unprecedented and indiscriminate exploitation of Microsoft exchange servers.

➡️ https://t.co/JcDrfg9CEr @HarjitSajjan@BillBlair

— Marc Garneau (@MarcGarneau) July 19, 2021

The ministers went on to allege the attack was aimed at stealing intellectual property and personal information, and said one particular group called Advanced Persistent Threat Group 40, which they say previously targeted Canada, was among several Chinese entities involved this time.

“APT 40 almost certainly consists of elements of the Hainan State Security Department’s regional MSS office,” they said.

“This group’s cyber activities targeted critical research in Canada’s defence, ocean technologies and biopharmaceutical sectors in separate malicious cyber campaigns in 2017 and 2018.”

The Canadian Centre for Cyber Security has released information on how to mitigate the threats posed by continued vulnerabilities within Microsoft Exchange servers, the ministers added.

Canada was joined Monday by the U.S., Britain, the European Union and NATO in accusing China of being behind the attacks, the latest round of such public naming and shaming by Western countries as they seek to push back against nefarious online activity by foreign adversaries.

The announcements, though not accompanied by sanctions against the Chinese government, were intended as a forceful condemnation of activities a senior U.S. official described as part of a “pattern of irresponsible behaviour in cyberspace.”

They highlighted the ongoing threat from Chinese government hackers even as the administration remains consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure.

The U.K.'s National Cyber Security Centre said the Chinese groups targeted maritime industries and naval defence contractors in the U.S. and Europe and the Finnish parliament.

In a statement, EU foreign policy chief Josep Borrell said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage.”

NATO, in its first public condemnation of China for hacking activities, called on Beijing to uphold its international commitments and obligations “and to act responsibly in the international system, including in cyberspace.”

The Microsoft Exchange hack that months ago compromised tens of thousands of computers around the world was swiftly attributed to Chinese cyber spies by private sector groups.

A spokesperson for the Chinese Embassy in Washington did not immediately return an email seeking comment Monday.

China has previously deflected blame for the hack, with a foreign ministry spokesman saying the country “firmly opposes and combats cyberattacks and cyber theft in all forms,” while cautioning attribution of cyberattacks should be based on evidence and not “groundless accusations.”

The latest round of accusations against China follow not only the Microsoft Exchange server attack, but also a number of high-profile incidents involving ransomware that have targeted public and private infrastructure and operations.

Canada’s cybersecurity agency also released a report last Friday outlining some of the threats that foreign actors could pose during the next federal election, which Prime Minister Justin Trudeau is expected to call in the next few weeks.

The Communications Security Establishment report specifically blamed the majority of online attacks and threats to democratic processes in Canada and other parts of the world since 2015 on China as well as Russia and Iran.

And while Canada may have good defences and not be a major target now, the CSE said a growing number of actors have the tools, capacity and understanding of this country’s political landscape to take action in the future “should they have the strategic intent.”