Microsoft Pushes Urgent Updates for Exchange Server After the Discovery of Multiple 0-Days
Last updated September 23, 2021
The United States has released an official statement on the White House page, blaming hackers supported by the People’s Republic of China (PRC) for the mass exploitation of zero-day flaws in Microsoft Exchange Server a couple of months back. We already knew from Microsoft’s own intelligence reports that a group called “HAFNIUM” was involved, but this official confirmation seals the attribution. As the announcement details, the United States worked together with allies and partners in the EU, UK, and NATO to collectively confirm the source of the attacks beyond any doubt.
At the same time, today, the U.S. Department of Justice (DoJ) has identified and charged four Chinese nationals who are members of the APT 40 hacking group. The defendants are Ding Xiaoyang (丁晓阳), Cheng Qingmin (程庆民), Zhu Yunmin (朱允敏), and Wu Shurong (吴淑荣), and the charges they face include computer fraud and conspiracy to commit economic espionage. These counts could incur a maximum of 20 years in prison, but it is unlikely that the American authorities will ever have a chance to arrest the four men.
The four hackers are working with the Ministry of State Security in China and established a front company named Hainan Xiandun Technology Development Co., Ltd., to carry out their operations from a masked source, essentially obfuscating the involvement of the Chinese state. The group managed to steal trade secrets and confidential business information from leading companies in the U.S. and a dozen other countries, companies that develop aircraft/aerospace technology, autonomous vehicles, specialty chemical formulas, cutting-edge drugs, submersibles, and more.
Acting U.S. Attorney Randy Grossman for the Southern District of California has stated:
Even though the Biden administration has been occupied with Russian state-supported cyber-threats lately, this latest announcement comes as a reminder that the trouble doesn’t come from a single source and that China remains a big headache for IT teams around the globe.
Relations between the two countries are at their coldest point right now, with the U.S. issuing an advisory to American businesses on Friday that highlights the risk of operating in Hong Kong, and sanctioning seven Chinese officials from the liaison office. The Chinese state answered by promising to impose strong countermeasures, which should be made public later this week.