China feels heat for attack on email servers
Canada joins allies in blaming Asian country after thousands of computers compromised earlier this year
OTTAWA — Canada joined the United States and other allies Monday in blaming China for a massive cyberattack that compromised tens of thousands of computers around the world earlier this year.
The attack saw hackers exploit weaknesses in Microsoft Exchange email servers, with the federal government estimating 400,000 servers were compromised before the online assault and server vulnerabilities were revealed in March.
“This activity put several thousand Canadian entities at risk — a risk that persists in some cases even when patches from Microsoft have been applied,” Foreign Affairs Minister Marc Garneau, Public Safety Minister Bill Blair and Defence Minister Harjit Sajjan said in the statement.
“Canada is confident that (China’s) Ministry of State Security is responsible for the widespread compromising of the exchange servers.”
The ministers went on to allege the attack was aimed at stealing intellectual property and personal information, and said one particular group called Advanced Persistent Threat Group 40, which they say previously targeted Canada, was among several Chinese entities involved this time.
“APT 40 almost certainly consists of elements of the Hainan State Security Department’s regional MSS office,” they said.
“This group’s cyber activities targeted critical research in Canada’s defence, ocean technologies and biopharmaceutical sectors in separate malicious cyber campaigns in 2017 and 2018.”
The Canadian Centre for Cyber Security has released information on how to mitigate the threats posed by continued vulnerabilities within Microsoft Exchange servers, added the ministers.
Canada was joined Monday by the U.S., Britain, the EU and NATO in accusing China of being behind the attacks, the latest round of such public naming and shaming by western countries as they seek to push back against nefarious online activity by foreign adversaries.
The announcements, though not accompanied by sanctions against the Chinese government, were intended as a forceful condemnation of activities a senior U.S. official described as part of a “pattern of irresponsible behaviour in cyberspace.”
They highlighted the ongoing threat from Chinese government hackers even as the administration remains consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure.