CDC experts advise third dose of Pfizer Covid vaccine for over-65s and high risk

Chinese state-sponsored hacking is at record levels, western experts say, accusing Beijing of engaging in a form of low-level warfare that is escalating despite US, British and other political efforts to bring it to a halt.

There are accusations too that the clandestine activity, which has a focus on stealing intellectual property, has become more overt and more reckless, although Beijing consistently denies sponsoring hacking and accuses critics of hypocrisy.

Jamie Collier, a consultant with Mandiant, a cybersecurity firm whose work is often cited by intelligence agencies, said the level of hacking emerging from China in 2021 was “a more kind of severe threat than we previously anticipated”.

That culminated, in July, with the US, the EU, Nato, the UK and four other countries all accusing Beijing of being behind a massive exploitation of vulnerabilities in Microsoft’s widely used Exchange company server software in March. In some cases they blamed China’s Ministry of State Security (MSS) for directing the activity.

It affected about 250,000 organisations worldwide, allowing hackers from a group, which Microsoft has named Hafnium, to siphon off company emails for espionage, with the help of an easy to use “web shell” tool allowing anybody with the right password to hack into a compromised Exchange server.

Once Microsoft was publicly alerted to the activity, attacks were rapidly stepped up on organisations that had not patched Exchange. Criminals, now aware of what was happening, were able to exploit the web shells, and in some cases they were booby-trapped if deleted – a brazen aspect of the hacking that surprised experts.

Read more: