Chinese hacking groups accused of coordinating recent cyber attacks

It seems like hacking incidents have become more and more prevalent in recent times, and they show no signs of letting up. Several recent attacks have something in common: the alleged perpetrators are hacker groups operating out of China. 

Read on to find out more about three of these occurrences. 

  1. Microsoft Exchange Server email software exploitation

In March 2021, Microsoft announced that multiple on-premises versions of Microsoft Exchange Server were being targeted by 0-day exploits. The Microsoft Threat Intelligence Center (MSTIC) attributed the attack to a Chinese group known as HAFNIUM, which it believed to be state-sponsored. Microsoft quickly released patches for the security vulnerabilities the hackers were exploiting. According to Krebs on Security, at least 30,000 organizations throughout the US were affected, including towns, cities, local governments, and small businesses. 

  2. A new SolarWinds attack

In July 2021, MSTIC reported that a 0-day exploit was being used against SolarWinds’ Serv-U FTP software. The exploit, first discovered during a routine Microsoft 365 Defender scan, would give attackers the ability to install and run malicious payloads and to view and change data. Microsoft attributed the attack to DEV-0322, a China-based group that it observed “using commercial VPN solutions and compromised consumer routers in their attacker infrastructure”. This came on the heels of the attack on SolarWinds infrastructure by a Russian hacking group, revealed in January this year, which has been described as one of the largest cyberattacks ever. 

  3. Attacks against Telcos in Southeast Asia

Most recently, Cybereason released an investigative report revealing that the telecommunications industry across Southeast Asia had been targeted by various groups thought to be connected to known threat actors based in China. The attacks were sustained over several years, some going as far back as 2017. Cybereason assessed that the groups Soft Cell, Naikon APT, and Group-3390 were behind the various attacks and speculated that they might have been working together in some instances. The assumed goal of these intrusions was to gain access to sensitive information about the targeted companies and their customers. 
While the US and several other Western countries spoke out in July, accusing China of embarking on a “global hacking spree” and cyber espionage campaign, China vehemently denied the accusations, saying they were irresponsible and fabricated. Whatever the case may be, these attacks combined with the countless cyberattacks occurring worldwide in recent times highlight the importance of infrastructure providers continually addressing vulnerabilities and users updating software as soon as possible when new patches and updates are released.