US, NATO and EU Blame China-Affiliated Hackers for Microsoft Hack

The Biden administration joined a broad group of U.S. allies in formally blaming a hacking group tied to China’s Ministry of State Security (MSS), known as “Hafnium,” for a breach of Microsoft’s Exchange Server email software earlier this year. Microsoft itself blamed the group in March, labeling it a “state-sponsored threat actor,” but governments held off blame until investigators had “high confidence” that the group was affiliated with the MSS. Additionally, the Justice Department indicted three MSS officers and one contracted hacker on separate hacking charges. The White House said in a statement that the U.S. had raised the issue with the Chinese government, and Secretary of State Anthony Blinken said in a press release that “the United States will impose consequences on PRC malicious cyber actors for their irresponsible behavior in cyberspace." No sanctions have been issued as of Monday afternoon.

Coverage differed across the spectrum in saying the U.S. had accused either the Chinese government itself or just “Chinese-linked hackers"; statements by NATO, the European Union, Canada and the U.K. also varied somewhat on that point. While most coverage focused on the Microsoft hack, some coverage focused on the broader accusations of criminal hacking activity, including ransomware attacks, made against MSS-affiliated hackers.