Microsoft Exchange server attacks were carried out by China, claim U.S. and UK

Microsoft logo
Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • The EU and UK released statements claiming that the recent attacks on Microsoft Exchange servers came from China.
  • The UK government states that Chinese state-backed groups were behind the attacks.
  • The EU does not directly accuse the Chinese government of being involved but hints in that direction.

The United States (U.S.), European Union (EU), and United Kingdom (UK) claim that the recent attacks on Microsoft Exchange servers came from China. The U.S. and UK specifically point towards the Chinese government, stating that Chinese state-backed actors were behind the attacks.

The attacks on Microsoft Exchange servers affected thousands of organizations. Cybercriminals raced to take advantage of discovered vulnerabilities and Microsoft quickly mitigated issues. Microsoft also released a one-click mitigation tool to help organizations protect against attackers.

Both the EU and UK say that the Chinese Ministry of State Security was responsible for other espionage activity, as reported by the BBC.

"The cyber-attack on Microsoft Exchange Servers by Chinese state-backed groups was a reckless but familiar pattern of behaviour," said UK foreign secretary Dominic Raab. "The Chinese government must end this systematic cyber-sabotage and can expect to be held to account if it does not."

The UK government issued a release detailing its accusations. It says that "Widespread, credible evidence demonstrates that sustained, irresponsible cyber activity emanating from China continues."

At the end of its release, the UK government calls on China to "reaffirm the commitment made to the UK in 2015 and as part of the G20 not to conduct or support cyber-enabled theft of intellectual property of trade secrets."

In March 2021, Microsoft explained that a group known as Hafnium operates out of China and was behind the attacks on Exchange servers. This situation, and many more, have led to the White House's July 19, 2021 statement on the matter.

The EU statement shares a similar tone to its U.S. counterpart:

The EU and its member states strongly denounce these malicious cyber activities, which are undertaken in contradiction with the norms of responsible state behaviour as endorsed by all UN member states. We continue to urge the Chinese authorities to adhere to these norms and not allow its territory to be used for malicious cyber activities, and take all appropriate measures and reasonably available and feasible steps to detect, investigate and address the situation.

While the EU does not accuse the Chinese government of backing the groups behind the attacks, the organization does urge Chinese authorities to not allow China to be used for malicious cyber activities.

The EU also detected "malicious cyber activities" targetting government institutions and political organizations in the EU, its member states, and several industries in Europe. The UK reports the same activities, known as "APT40" and APT31" by cybersecurity experts.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at