Canada joins allies in blaming China for massive attack on email servers

Breadcrumb Trail Links

World

Canada

Author of the article:

Canadian Press

Lee Berthiaume

Publishing date:

Jul 19, 2021  â€¢  12 minutes ago  â€¢  3 minute read  â€¢  Join the conversation In this file photo a Microsoft logo adorns a building in Chevy Chase, Maryland, May 19, 2021. The U.S. on Monday, July 19, 2021 led allies in a fierce condemnation of China over allegedly "malicious" cyber activity. Photo by EVA HAMBACH /AFP via Getty Images Article content

OTTAWA â€" Canada joined the United States and other allies on Monday in blaming China for a massive cyberattack that compromised tens of thousands of computers around the world earlier this year.

Advertisement

Story continues below

This advertisement has not loaded yet, but your article continues below.

Article content

The attack saw hackers exploit weaknesses in Microsoft Exchange email servers, with the federal government estimating 400,000 servers were compromised before the online assault and server vulnerabilities were revealed in March.

“This activity put several thousand Canadian entities at risk â€" a risk that persists in some cases even when patches from Microsoft have been applied,” Foreign Affairs Minister Marc Garneau, Public Safety Minister Bill Blair and Defence Minister Harjit Sajjan said in the statement.

“Canada is confident that (China’s) Ministry of State Security is responsible for the widespread compromising of the exchange servers.”

We apologize, but this video has failed to load.

The ministers went on to allege the attack was aimed at stealing intellectual property and personal information, and said one particular group called Advanced Persistent Threat Group 40, which they say previously targeted Canada, was among several Chinese entities involved this time.

Advertisement

Story continues below

This advertisement has not loaded yet, but your article continues below.

Article content

“APT 40 almost certainly consists of elements of the Hainan State Security Department’s regional MSS office,” they said.

“This group’s cyber activities targeted critical research in Canada’s defence, ocean technologies and biopharmaceutical sectors in separate malicious cyber campaigns in 2017 and 2018.”

The Canadian Centre for Cyber Security has released information on how to mitigate the threats posed by continued vulnerabilities within Microsoft Exchange servers, the ministers added.

Canada was joined Monday by the U.S., Britain, the European Union and NATO in accusing China of being behind the attacks, the latest round of such public naming and shaming by Western countries as they seek to push back against nefarious online activity by foreign adversaries.

Advertisement

Story continues below

This advertisement has not loaded yet, but your article continues below.

Article content

The announcements, though not accompanied by sanctions against the Chinese government, were intended as a forceful condemnation of activities a senior U.S. official described as part of a “pattern of irresponsible behaviour in cyberspace.”

They highlighted the ongoing threat from Chinese government hackers even as the administration remains consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure.

The U.K.’s National Cyber Security Centre said the Chinese groups targeted maritime industries and naval defence contractors in the U.S. and Europe and the Finnish parliament.

In a statement, EU foreign policy chief Josep Borrell said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage.”

Advertisement

Story continues below

This advertisement has not loaded yet, but your article continues below.

Article content

NATO, in its first public condemnation of China for hacking activities, called on Beijing to uphold its international commitments and obligations “and to act responsibly in the international system, including in cyberspace.”

The Microsoft Exchange hack that months ago compromised tens of thousands of computers around the world was swiftly attributed to Chinese cyber spies by private sector groups.

A spokesperson for the Chinese Embassy in Washington did not immediately return an email seeking comment Monday.

China has previously deflected blame for the hack, with a foreign ministry spokesman saying the country “firmly opposes and combats cyberattacks and cyber theft in all forms,” while cautioning attribution of cyberattacks should be based on evidence and not “groundless accusations.”

Advertisement

Story continues below

This advertisement has not loaded yet, but your article continues below.

Article content

The latest round of accusations against China follow not only the Microsoft Exchange server attack, but also a number of high-profile incidents involving ransomware that have targeted public and private infrastructure and operations.

Canada’s cybersecurity agency also released a report last Friday outlining some of the threats that foreign actors could pose during the next federal election, which Prime Minister Justin Trudeau is expected to call in the next few weeks.

The Communications Security Establishment report specifically blamed the majority of online attacks and threats to democratic processes in Canada and other parts of the world since 2015 on China as well as Russia and Iran.

And while Canada may have good defences and not be a major target now, the CSE said a growing number of actors have the tools, capacity and understanding of this country’s political landscape to take action in the future “should they have the strategic intent.”

This report by The Canadian Press was first published July 19, 2021.

â€" With files from The Associated Press

Share this article in your social network Advertisement

Story continues below

This advertisement has not loaded yet, but your article continues below.

Sign up to receive daily headline news from the Toronto SUN, a division of Postmedia Network Inc.

By clicking on the sign up button you consent to receive the above newsletter from Postmedia Network Inc. You may unsubscribe any time by clicking on the unsubscribe link at the bottom of our emails. Postmedia Network Inc. | 365 Bloor Street East, Toronto, Ontario, M4W 3L4 | 416-383-2300 Thanks for signing up!

A welcome email is on its way. If you don't see it, please check your junk folder.

The next issue of The Toronto Sun Headline News will soon be in your inbox.

Comments

Postmedia is committed to maintaining a lively but civil forum for discussion and encourage all readers to share their views on our articles. Comments may take up to an hour for moderation before appearing on the site. We ask you to keep your comments relevant and respectful. We have enabled email notificationsâ€"you will now receive an email if you receive a reply to your comment, there is an update to a comment thread you follow or if a user you follow comments. Visit our Community Guidelines for more information and details on how to adjust your email settings.

Share this post