Skip to main content
Complete Olympic Games coverage at your fingertips
Your inside track on the Olympic Games
Enjoy unlimited digital access
$1.99
per week for 24 weeks
Complete Olympic Games coverage at your fingertips
Your inside track onthe Olympics Games
$1.99
per week
for 24 weeks
// //

Western governments said on Monday they are highly confident that hackers under the control of China’s Ministry of State Security breached the security of Microsoft Exchange, affecting 400,000 e-mail servers worldwide.

Steven Senne/The Associated Press

Canada joined the United States and other global allies, including NATO, in collectively condemning China on Monday for masterminding a sophisticated hack of Microsoft services in early 2021, but they stopped short of imposing sanctions on Beijing.

The broad coalition, which also includes the United Kingdom, the European Union, New Zealand and Japan, says state actors affiliated with the People’s Republic of China (PRC) gained access to computer networks around the world.

The cyber attack on Microsoft – believed to have taken place in January and discovered in early March – breached tens of thousands of computers worldwide and allowed the hackers to obtain sensitive data from personal, business and government computer systems.

Story continues below advertisement

Western governments said on Monday they are highly confident that hackers under the control of China’s Ministry of State Security breached the security of Microsoft Exchange, affecting 400,000 e-mail servers worldwide.

“This activity put several thousand Canadian entities at risk – a risk that persists in some cases even when patches from Microsoft have been applied,” Foreign Affairs Minister Marc Garneau said in a statement on Monday. “Canada is confident that the PRC’s Ministry of State Security (MSS) is responsible for the widespread compromising of the Exchange servers.”

The United States and its allies accused China on July 19 of a global cyberespionage campaign, mustering an unusually broad coalition of countries to publicly call out Beijing for hacking. This report produced by Chris Dignam. Reuters

Mr. Garneau said several cybergroups in China are believed to have taken part in the operation, including Advanced Persistent Threat Group 40 (APT 40), which he said consists of elements of the Minister of State Security’s Hainan State Security Department. He revealed that the same group had targeted Canadian sectors in the past.

“This group’s cyber activities targeted critical research in Canada’s defence, ocean technologies and biopharmaceutical sectors in separate malicious cybercampaigns in 2017 and 2018,” he said. “These actors are highly sophisticated and have demonstrated an ability to achieve sustained, covert access to Canadian and allied networks beyond the compromising of Microsoft exchange servers.”

In a statement, a spokesman for China’s embassy in Washington said the claim by the U.S. and its allies was “groundless” and a “malicious smear” against Beijing.

“The Chinese government and relevant personnel never engage in cyber attacks or cyber theft,” spokesman Liu Pengyu said. “It is irresponsible and ill-intentioned to accuse a particular party when there is no sufficient evidence around.”

China signed an agreement in 2015 with U.S. president Barack Obama, and with Prime Minister Justin Trudeau in 2017 to stop conducting state-sponsored cyberattacks aimed at stealing private-sector trade secrets and proprietary technology.

Story continues below advertisement

That deal only covered economic espionage – hacking corporate secrets – and did not preclude China from conducting state-sponsored cyberattacks against the Canadian government or military, as it did in 2014, when Chinese hackers broke into the main computers at the National Research Council.

Former Canadian Security Intelligence Service director Richard Fadden, who also was national security adviser to Mr. Trudeau and prime minister Stephen Harper, said Beijing can’t be trusted and Canada needs to increase its cyber defences and even hit back at China.

“Agreement or not with China, the potential benefits of cyber attacks of various kinds on the West’s private sector are too great for us to expect China to cease its attacks,” he said. “We should follow up our recognition of China’s ongoing intent by consciously increasing our defensive measures and, if necessary, contemplate appropriate pushback.”

The Chinese embassy in Ottawa was not immediately available for comment.

In concert with allies, Canada has become more willing to criticize Beijing after a vote in Parliament declared it has committed genocide against its Uyghur minority, and in the midst of a brutal crackdown on political dissidents in Hong Kong – despite concerns about Beijing’s imprisonment of Canadians Michael Spavor and Michael Kovrig.

U.S. Secretary of State Antony Blinken said in a statement that Western countries are holding Beijing “accountable for its pattern of irresponsible, disruptive and destabilizing behaviour” in cyberspace, which poses a major threat to “our economic and national security.” He accused China’s Ministry of State Security of fostering an “ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain.”

Story continues below advertisement

British Foreign Secretary Dominic Raab called China’s actions “a reckless but familiar pattern of behaviour,” and urged Beijing to end “this systematic cyber sabotage,” adding that it can expect to be held to account if it does not.

Although the coalition of democratic countries did not impose sanctions on China, the U.S. Justice Department said four Chinese nationals – three security officials and one contract hacker – have been charged in a global hacking campaign aimed at dozens of companies, universities and government agencies in the United States and abroad. The activities took place between 2011 and 2018 and focused on information that would significantly benefit Chinese businesses.

“Western countries have generally taken the position that while we engage in espionage to protect our respective states, we do not do so to collect information to advantage Western companies; something of which the Chinese have often been accused,” former CSIS director Ward Elcock said.

NATO also joined in the condemnation – the first time the military alliance, founded in 1949 to confront the Soviet Union, has signed on to a formal censure of China’s cyber activities.

“We call on all states, including China, to uphold their international commitments and obligations and to act responsibly in the international system, including in cyberspace,” NATO said in a statement.

Reuters reported that U.S. security and intelligence agencies will outline more than 50 techniques and procedures that “China state-sponsored actors” use in targeting U.S. and allied networks.

Story continues below advertisement

According to a 31-page U.S. cybersecurity advisory seen by Reuters, Chinese state-sponsored hackers consistently scan networks for critical vulnerabilities within days of a vulnerability’s public disclosure.

The U.S. under President Joe Biden has begun a coalition of Western nations to oppose China’s military buildup, its crackdown on democracy activists in Hong Kong, the treatment of Uyghurs in the Xinjiang region and aggression in the South China Sea.

On Friday, the Biden administration warned U.S. businesses about risks to their operations and activities in Hong Kong after China imposed a new national security law there last year.

With reports from James Griffiths and Reuters

Know what is happening in the halls of power with the day’s top political headlines and commentary as selected by Globe editors (subscribers only). Sign up today.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow the author of this article:

Follow topics related to this article:

View more suggestions in Following Read more about following topics and authors
Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies