Chinese Deny Complicity in Cyber ‘Threat Actor’ That Microsoft Calls Hafnium
China “firmly opposes and combats” cyberattacks and cybertheft “in all forms,” said a Foreign Affairs Ministry spokesperson when asked Wednesday about Microsoft’s disclosures of a new “state-sponsored threat actor” based in China it named Hafnium. Microsoft said the hacking group preys on infectious disease researchers, law firms, universities, defense contractors and think tanks. China considers it “a highly sensitive political issue to pin the label of cyber attack to a certain government,” said the spokesperson. "We hope that relevant media and companies will adopt a professional and responsible attitude and underscore the importance to have enough evidence when identifying cyber-related incidents, rather than make groundless accusations.” Though Hafnium is based in China, it conducts its operations from leased virtual private servers in the U.S., blogged Tom Burt, Microsoft corporate vice president-customer security and trust. Hafnium uses “previously undiscovered vulnerabilities” to gain access to network servers by disguising itself “as someone who should have access,” said Burt Tuesday. It creates a “web shell” to control the compromised server remotely and uses that remote access “to steal data from an organization’s network,” he said. “We need more information to be shared rapidly about cyberattacks to enable all of us to better defend against them. That is why Microsoft President Brad Smith recently told the U.S. Congress that we must take steps to require reporting of cyber incidents.”