cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Top spy chief says PRC government helped cyber criminals with Microsoft Exchange hack to parliamentary inquiry

One of Australia’s top spy chiefs held China accountable for their role in supporting global cyber attacks at a hearing by a parliamentary inquiry this week.

user iconReporter
Fri, 30 Jul 2021
Top spy chief says PRC government helped cyber criminals with Microsoft Exchange hack to parliamentary inquiry
expand image

Head of the Australian Signals Directorate, Rachel Noble, took aim at the Chinese government at a parliamentary inquiry into Australia’s cyber resilience this week, accusing the country of helping cyber criminals to exploit the recent Microsoft Exchange vulnerabilities.

Australia’s highest ranking cyber spy boss likened Beijing’s actions to helping burglars break into homes.

“To describe it in plain language, it would be like houses and buildings had faulty locks on the doors,” Noble said.


“When the Chinese government became aware of those faulty locks on the doors, they went in and they propped all those doors open.

“What then happened was that there was opportunity for all sorts of criminals [and] other state actors – you name it – to pour in behind all those propped-open doors and get into your house or your building.

“It’s that action, from a technical point of view, which crossed a line in the judgment of policy agencies in governments around the world.”

The recent Microsoft Exchange hack impacted a projected 250,000 servers across the world, including a litany of government and defence organisations.

“Today, we’re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor,” Tom Burt, corporate vice president, customer security and trust, published on the Microsoft website.

“Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.”

According to the spy chief, some 70,000 Australian organisations used the Microsoft Exchange program and are at risk of exploitation.

The accusations by Australia’s spy chiefs come following the international condemnation against state sponsored hacking this month that held China accountable for the Microsoft Exchange hack.

Zhao Lijian, spokesman for China’s Foreign Ministry, accused western powers of using the recent scandal to score political points.

"The United States ganged up with its allies to make unwarranted accusations against Chinese cyber security,” Zhao said.

"This was made up out of thin air and confused right and wrong.”

[Related: Australia joins chorus of democracies condemning China’s global cyber attacks]

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.