3 May 2021

China’s Microsoft Exchange Cyberattack Puts Biden in a Bind


Emily Taylor 

The U.S. had barely begun its recovery from the SolarWinds compromise, when another large-scale, state-sponsored cyberattack came to light in January. Like the SolarWinds hack, the Microsoft Exchange Server data breach exploited several zero-day vulnerabilities and has been attributed to a nation-state. But unlike SolarWinds, while the Microsoft attack was initially a targeted attack, it went on to create widespread collateral damage, leading some commentators to characterize it as “reckless.” Microsoft has attributed the compromise to a Chinese state-sponsored espionage group called “Hafnium.”

Recent U.S. sanctions against Russia, in part motivated by the SolarWinds attack, have given rise to an expectation that the U.S. will respond against China for its alleged role in the Microsoft hack. Yet, so far, the U.S. response has been practical rather than symbolic, and domestic rather than geopolitical. More generally, invocations by the U.S. of the rules-based international order ring hollow given the lack of agreed norms for responsible state behavior in cyberspace.

No comments: