US, UK, EU, and NATO Claim China Was Behind Microsoft Hack

The accusation could be a pretext for sanctions or other actions

The US, EU, UK, NATO, and other allies on Monday accused China of being behind the hack of the Microsoft Exchange Server that was discovered earlier this year and vowed to work together against Beijing’s “destabilizing behavior in cyberspace.”

Similar to US accusations against Russia over cyberactivity, no evidence has been offered to prove that China was behind the Microsoft hack. When Microsoft first announced the cyber intrusion in March, the company released a statement that said it determined with “high confidence” that a group named Hafnium was responsible, which Microsoft assessed “to be state-sponsored and operating out of China, based on observed victimology, tactics, and procedures.”

Months later, the US and its allies are backing up the Microsoft assessment. A US official told reporters on Sunday that the US government assessed with “high confidence” that hackers affiliated with China’s Ministry of State Security (MSS) were behind the intrusion, but it’s not clear how that assessment was reached. The UK’s Cyber Security Center declared that it is “highly likely Hafnium is associated with the Chinese state.”

The attribution is significant since it marks the first time NATO has accused China of “malicious” cyber activity. The alliance recently added cyberattacks to the list of things that could make NATO invoke the Article 5 mutual defense clause, meaning an alleged cyberattack could trigger a war with all 30 of NATO’s members.

The Justice Department unsealed indictments on Monday against four Chinese nationals for allegedly coordinating a hacking campaign on behalf of the MSS between 2011 and 2018. In a statement, Secretary of State Antony Blinken pointed to the DOJ charges as evidence that the US “will impose consequences on PRC [People’s Republic of China] malicious cyber actors for their irresponsible behavior in cyberspace.”

The US hasn’t threatened other actions, but the accusation against China could be a pretext for sanctions. The US used claims of cyberattacks against Russia to impose sanctions and kick out Russian diplomats. Now that the accusation is out there, China hawks in Congress and in the media will likely push for some type of action against Beijing.

Author: Dave DeCamp

Dave DeCamp is the news editor of, follow him on Twitter @decampdave.