The U.S. Blames China for MS Exchange Attacks and Names 4 Members of APT 40

Last updated September 21, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

The United States has released an official statement on the White House page, blaming hackers supported by the People’s Republic of China (PRC) for the mass exploitation of zero-day flaws in Microsoft Exchange Server a couple of months back. We already knew from Microsoft’s own intelligence reports that a group called “HAFNIUM” was involved, but this official confirmation seals the attribution. As the announcement details, the United States worked together with allies and partners in the EU, UK, and NATO to collectively confirm the source of the attacks beyond any doubt.

At the same time, today, the U.S. Department of Justice (DoJ) has identified and charged four Chinese nationals who are members of the APT 40 hacking group. The defendants are Ding Xiaoyang (丁晓阳), Cheng Qingmin (程庆民), Zhu Yunmin (朱允敏), and Wu Shurong (吴淑荣), and the charges they face include computer fraud and conspiracy to commit economic espionage. These counts could incur a maximum of 20 years in prison, but it is unlikely that the American authorities will ever have a chance to arrest the four men.

Source: FBI

The four hackers are working with the Ministry of State Security in China and established a front company named Hainan Xiandun Technology Development Co., Ltd., to carry out their operations from a masked source, essentially obfuscating the involvement of the Chinese state. The group managed to steal trade secrets and confidential business information from leading companies in the U.S. and a dozen other countries working on aircraft/aerospace, autonomous vehicles, specialty chemical formulas, cutting-edge drugs, submersibles, and more.

Acting U.S. Attorney Randy Grossman for the Southern District of California has stated:

This indictment alleges a worldwide hacking and economic espionage campaign led by the government of China. The defendants include foreign intelligence officials who orchestrated the alleged offenses, and the indictment demonstrates how China’s government made a deliberate choice to cheat and steal instead of innovating. These offenses threaten our economy and national security, and this prosecution reflects the Department of Justice’s commitment and ability to hold individuals and nations accountable for stealing the ideas and intellectual achievements of our nation’s best and brightest people.

Even though the Biden administration has been occupied dealing with Russian state-supported cyber-threats lately, this latest announcement comes as a reminder that there is more than one source of trouble and that China remains a big headache for all IT teams around the globe.

Relations between the two countries are at their coldest point right now, with the U.S. issuing an advisory to American businesses on Friday highlighting the risk of operating in Hong Kong and sanctioning seven Chinese officials from the liaison office. The Chinese state responded by promising to impose strong counteractions, which should be made public later this week.


