EU joins US, UK in accusing China of malicious cyber activities

The EU, US and UK are pointing fingers at China for facilitating and carrying out malicious cyber activities targeted at Western government institutions

The European Union has publicly blamed China for a cyber attack on the Microsoft Exchange server that took place last March.

In a declaration by the EU's High Representative on Foreign Affairs and Security Policy, the bloc maintains that the malicious cyber activities stemmed from Chinese territory, and that some malicious activities targeted government institutions and political organisations in the EU and its member states.

Josep Borrell Fontelles, the High Representative, said that these activities can be linked to hacker groups known as Advanced Persistent Threat 40 and Advanced Persistent Threat 31. 

He further asserted that these activities were conducted for the purpose of intellectual property theft and espionage.

"The EU and its member states strongly denounce these malicious cyber activities, which are undertaken in contradiction with the norms of responsible state behaviour as endorsed by all UN member states," his statement reads. 

"We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation."

Similarly, the UK and US are also holding China responsible for the cyber intrusions. The UK's Foreign, Commonwealth & Development Office took to Twitter to denounce the Chinese state "for significant & widespread cyber intrusions, including attacks on the Microsoft Exchange servers".

US secretary of state Antony Blinken specifically targeted China's Ministry of State Security for having "fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cyber crime for their own financial gain".

"The United States government, alongside our allies and partners, has formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims."

He added that the United States will impose "consequences" on China-affiliated malicious cyber actors for their "irresponsible behavior in cyberspace."