U.S. and NATO Allies Officially Blame China for Hacking of Microsoft Exchange Servers

The United States and its NATO allies have formally accused the Chinese government of sponsoring the hack of Microsoft Exchange servers that occurred earlier this year. Chinese state media called the accusation "ridiculous."

In March, Microsoft issued a statement saying it had detected "multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in a limited and targeted attack." Attackers used the vulnerabilities to gain access to email accounts and to install malware that let them keep access for more prolonged attacks. Microsoft released patches immediately, but in an update a week later it said it "continues to see multiple actors using unpatched systems to attack organizations using on-premises Exchange Server." Because the attackers planted malware for persistent access, patching alone does not evict them; a server that was exposed before being patched also needs to be checked for the malware and accounts the attackers left behind.

Microsoft pointed the finger at Hafnium, a "highly skilled and sophisticated" Chinese hacker group that it says primarily targets U.S.-based organizations and industries, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.

"Recently, Hafnium has launched a number of attacks using previously unknown exploits targeting on-premises Exchange Server software," explained Microsoft's Tom Burt. "To date, Hafnium is the primary attacker using these exploits."

Today, the U.S. government issued a statement supporting Microsoft's assessment that Hafnium is a "state-sponsored threat actor" and attributing "malicious cyber activity and irresponsible state behavior" to the People's Republic of China.

The statement accuses the Chinese government of using "criminal contract hackers" to conduct unsanctioned cyber activities worldwide. It also claims that, alongside their alleged contract work for the Chinese Ministry of State Security, the hackers involved are "engaged in ransomware attacks, cyber-enabled extortion, crypto-jacking, and rank theft from victims worldwide, all for [personal] financial gain."

It also reiterates Microsoft's March attribution, stating "with high confidence" that China-based hackers were behind the intrusions that exploited vulnerabilities in Microsoft Exchange Server. According to the statement, "tens of thousands of computers and networks around the world" were "compromised in a massive operation, most of the victims of which were private companies, resulting in significant remediation costs."

Although the U.S. government has not taken direct action against China at this time, it has filed criminal charges against four individuals allegedly involved in cyber espionage on behalf of China. The charges are not related to the hacking of Microsoft Exchange servers, but to a "multi-year campaign targeting foreign governments and organizations in key sectors including maritime, aviation, defense, education, and healthcare in at least 12 countries" that took place between 2011 and 2018.

The United Kingdom, the European Union, and Canada issued parallel statements condemning the hacking of Microsoft Exchange servers and other cyberespionage activities. The North Atlantic Treaty Organization (NATO) also issued a statement condemning "malicious cyber activity," but took a somewhat more reserved approach and did not itself point the finger at China: "We acknowledge that allies such as Canada, the United Kingdom, and the United States have issued statements attributing responsibility for the Microsoft Exchange server breach to the People's Republic of China. In line with the communiqué of the recent Brussels Summit, we call on all countries, including China, to uphold their international commitments and obligations and act responsibly in the international system, including in cyberspace."

China's Foreign Ministry has yet to respond to the accusation, but the state-run Xinhua news agency described the claim on Twitter as "absurd."

Xinhua's statement referred to the 2013 claims of whistleblower Edward Snowden, a former CIA employee and NSA contractor, who said he was convinced the US National Security Agency had conducted more than 61,000 hacking operations worldwide, including against targets in China; in 2014, The New York Times reported that Snowden's documents showed the NSA had hacked into the servers of Chinese telecommunications giant Huawei.
