> Following Microsoft’s original disclosure in early March 2021, the United States Government also identified other vulnerabilities in the Exchange Server software.<p>> Rather than withholding them, the United States Government recognized that these vulnerabilities could pose systemic risk and the National Security Agency notified Microsoft to ensure patches were developed and released to the private sector.<p>Finally they seem to be starting to take the defence of citizens and private industry seriously - in a far more public forum. Instead of just hearing the odd story of this happening through back channels.<p>From the linked press release:<p><a href="https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/" rel="nofollow">https://www.whitehouse.gov/briefing-room/statements-releases...</a>
There is so much doubt in this comment section around the validity of the accusations.<p>We have a number of countries putting forward the knowledge they have mutually agreed upon. What is shared is known to a high degree of certainty. Any details that are questionable would not have been shared prematurely.
It looks like cyber warfare, as well as espionage, is considered pretty much fair game in geopolitics nowadays. I wonder where the line is drawn that would make it an act of war.
In any case, a direct attack from the Chinese government towards it's main trade partners (US, Germany and Japan among them) sounds crazy to me.
This is messy article. There are multiple things happening at once.<p>Attack vs. espionage are treated differently.<p>Espionage is done with the intention is to steal information. Espionage is relatively normal between states. Condemn, file charges, then do the same back a them.<p>Attack is when the intention is to cause harm or coerce. Ransomware, intentionally disrupting or destroying systems. Attacks from foreign government or entities acting behalf of an government are essentially acts of war.<p>The West is condemning together "mixing" where Chinese government sanctioned groups are doing attacks for financial gain on the side. China should spy responsibly and stop attacks.
I don't think Chinese cyber spying is really news to anyone. What's different about this now is that the U.S., a few others and notably, NATO are specifically calling out China for it.<p>That's a pretty heavy diplomatic change. Especially the inclusion of NATO.
The EU does not accuse the Chinese government of being behind the attacks.<p>This is the EU press statement:<p><a href="https://www.consilium.europa.eu/en/press/press-releases/2021/07/19/declaration-by-the-high-representative-on-behalf-of-the-eu-urging-china-to-take-action-against-malicious-cyber-activities-undertaken-from-its-territory/" rel="nofollow">https://www.consilium.europa.eu/en/press/press-releases/2021...</a><p>China: Declaration by the High Representative on behalf of the European Union urging Chinese authorities to take action against malicious cyber activities undertaken from its territory
The amount of hot air on this topic is incredible.<p>The US has denounced, accused, etc Russia on cyber attacks<p>It is now calling out and accusing China of cyber attacks.<p>My guess - ZERO concrete action.<p>Meanwhile, China says relatively little and focuses on actual power - trade ties, threats etc.
Would this be the first full scale assault by Chinese hackers in the supply chain that we know of? If so, it is notable that they are aggressively acting in that way (and breached).
China has been accused of hacking and/or electronic spying by other states.<p>Russia has been accused of hacking and/or electronic spying by other states.<p>North Korea has been accused of hacking and/or electronic spying by other states.<p>And yes, the US and quite a few European states -- and many other countries -- have also been accused of hacking and/or electronic spying by other states[a].<p>All these governments are <i>playing with explosives</i>: The right spark at the wrong place at the wrong time can start a fire.<p>Seemingly "minor" incidents have triggered wars in the past.[b]<p>--<p>[a] Including via highly-targeted malware such as <a href="https://en.wikipedia.org/wiki/Stuxnet" rel="nofollow">https://en.wikipedia.org/wiki/Stuxnet</a><p>[b] For example, <a href="https://en.wikipedia.org/wiki/Pig_War_(1859)" rel="nofollow">https://en.wikipedia.org/wiki/Pig_War_(1859)</a> , <a href="https://en.wikipedia.org/wiki/Marco_Polo_Bridge_Incident" rel="nofollow">https://en.wikipedia.org/wiki/Marco_Polo_Bridge_Incident</a> , <a href="https://en.wikipedia.org/wiki/Football_War" rel="nofollow">https://en.wikipedia.org/wiki/Football_War</a> , <a href="https://en.wikipedia.org/wiki/Assassination_of_Archduke_Fran" rel="nofollow">https://en.wikipedia.org/wiki/Assassination_of_Archduke_Fran</a>... -- to name a few off the top of my head.
I recommend reading "The Perfect Weapon: How the Cyber Arms Race Set the World Afire" if you're interested in learning more about cyberattacks over the past decade and the geopolitics of it cyberattacks.
Are there similar stories in China about Chinese companies being hacked by the US gov? Do Chinese people get outraged over them or does game recognize game? Do Chinese companies have hacking divisions?
why impose sanctions on Russia and not China? The article implies that allies would not agree to sanctions which is fair enough, but the USA can still do something alone, no?
Let's assume this is true for a moment. Now what?<p>China have:<p>* crushed protest at home and moved deeper into dictatorship<p>* shat all over the 1 country 2 systems agreement and strangled what little democracy there was in HK<p>* started a mini ground war with their nuclear armed neighbour India<p>* launched multiple pandemics, the latest costing the world trillions in lost output and millions of deaths<p>* started a Genocide internally<p>And were not willing to do anything are we? No so much as a sanction or an embargo except for Australia, who've been left to twist in the wind.<p>So now China hacked some shit? Great. What are we gonna do? Nothing because no one wants to pay interest on their borrowing or 3p more for pointless plastic shit they don't need from amazon.<p>/Rant.
Is anyone else sick of all this forced "connected cloud" crap?<p>My wife just got a new Windows laptop and the amount of dark patterns they use to push people towards the Windows cloud is insane. I haven't used Windows in years, but it's glaringly clear that the entire modern Windows OS is designed around recurring monetization of users. Nowadays, Windows machines are essentially one big trojan horse waiting to either be hacked or tapped into by 3-letter agencies.
And? U.S. and key allies install backdoors in device firmware and imbedded chips from manufacturers to spy on their own citizens. Why should we care at this point? We've had over 20 years to have this conversation, too late now. lol
I can't help but think "accuse" is a peculiar choice of words, because it implies that the accuser has any basis to feel wronged.<p>If they had any integrity they'd say: "I guess you got us back, huh!".<p>Entertaining to watch nonetheless.
The US intelligence services have specific tools to fake the source of a cyberattack. I really don't know what anyone thinks "...accuse China..." means in such headlines.<p>It could be anyone.
They are making accusations on China based on "educated" guesswork. The smoking gun is missing to "prove" provenance and attribution. In fact that is incredibly hard to prove.<p>In Stuxnet for example, the alleged perpetrators hinted that they were behind it.<p>Will the same countries and allies now condemn known, disclosed and proven cyberattacks sourced from other countries (with known state involvement and complicity) on activists and journalists that lead to imprisonment and death?<p>And Microsoft has a very long history of vulnerabilities and hiding it. And then they will refuse to patch known vulnerabilities in lower versioned software trying to force large customers to do unwanted version upgrades and to adopt the more expensive SaaS offerings.<p>They are now trying to force all customers off of the already paid for and cheaper on-prem Microsoft Exchange which is still the dominant software in the directory services market and trying to get all corporates onto Azure AD.