National Cyber Security Centre Warns British Businesses of Chinese Hacking

Some 2,300 British businesses were recently contacted by the National Cyber Security Centre (NCSC) and urged to update their servers and use the latest Microsoft security patches to protect their Outlook emails due to possible Chinese hacking.

Thus far, fewer than half of the approximately 8,000 affected businesses have taken steps to download the security patches and protect their data and intellectual property. With the challenges of people working from home, it is likely that some of the affected businesses have not considered the possible impact on their operations if they are among those targeted.

In 2017, the Government Communications Headquarters (GCHQ) opened its new NCSC offices in London. The then-CEO, Ciaran Martin, spoke about its cybersecurity plans, saying: “All our government, security, military, law enforcement, and international supporters will have a critical role to play. But in particular, this will be about business and the private sector.”

Chinese hacking through Hafnium

It is understood that Microsoft confirmed its platform was attacked by Hafnium, a hacker group that is said to have connections to the Chinese Communist regime, after the prominent Taiwanese cyber-researcher Cheng-Da Tsai identified the source of the breach and reported it to Microsoft in January. 

Microsoft, which has been operating in China since 1992 and runs an artificial intelligence research unit there, described the China-based Hafnium group as “state-sponsored.”

Microsoft was infiltrated in January 2021 after Hafnium used an advanced persistent threat (APT), a national-level tech attack, gaining access to the popular business applications on Microsoft’s Exchange Server through four security gaps in the software.

APT works by sitting silently inside the networks and accessing data to hold companies and their business operations for ransom. On March 2, Microsoft publicized the hack and said it had created patches that should be downloaded as a matter of urgency. 

In the U.S., organizations ranging from local governments, think tanks, academic institutions, infectious disease researchers, and law firms to defense contractors have all been targeted, with 30,000 businesses affected by Chinese hacking. Microsoft Outlook users said they received an unexpected email, as the attackers used unauthorized access to email contacts in a way that looked legitimate.

On March 8, Microsoft said that it “continues to see multiple actors taking advantage of unpatched systems to attack organizations with on-premises exchange servers.” The U.S. took the hard line of implementing emergency powers to insist that government agencies update their Microsoft server patches, taking the unusual step of publicly tweeting the message in an effort to highlight the urgency.

Hafnium hack paved the way for other Chinese hacking groups

The initial Chinese hacking by Hafnium paved the way for other Chinese hacking groups to work on exploiting the unresolved security flaws before security patches were released.

According to Wired, it is physical servers rather than cloud-based virtual servers being targeted, as hackers scanned the servers and “planted a ‘web shell’ — a remotely accessible, web-based backdoor foothold — on the exchange servers they exploited.” The Chinese hacking group could snoop on the target machines and use them to work their way around other computers on the same server network.

Speaking to Times Radio on March 15, founding CEO Ciaran Martin, who left NCSC in August 2020 to join the Blavatnik School of Management at Oxford University, revealed: “Britain’s policy towards China [is] confusing.” He was nodding toward the inward investment policies of former Chancellor George Osborne, which allowed China to pour money into the UK.

In 2015, the BBC reported that Prime Minister Cameron had allowed his chancellor to dictate policy and that the cabinet was “being dragged along” following “Osborne doctrine.” Under the Conservative-Liberal Democrat coalition government, China had invested “£1 billion towards the regeneration of the Royal Docks in the East End, £800 million for the Airport City project in Manchester, and £790 million for the redevelopment of the Nine Elms zone in Battersea.”

Professor Martin believes that “Britain must make tough choices” very soon as China is perceived as a “strategic competitor” and that ministers who went along with the “so-called golden era” at the time were getting cold feet.

Meanwhile, Paul Chichester, director of operations at NCSC, asked British businesses to install all Microsoft security patches, be aware of how ransomware presents itself, and report any hacks to the NCSC.
