The US and a coalition of allies on Monday accused China’s ministry of state security of a global hacking campaign, specifically attributing a large Microsoft attack disclosed earlier this year to hackers working on Beijing’s behalf.
Opening a new area of tensions with China, the US is joined by Nato, the European Union, Britain, Australia, Japan, New Zealand and Canada to level the allegations, according to a White House fact sheet released on Monday morning.
“The US and countries around the world are holding the People’s Republic of China accountable for its pattern of irresponsible, disruptive and destabilising behaviour in cyberspace, which poses a major threat to our economic and national security,” US secretary of state Anthony Blinken said in a statement.
Also on Monday, the US justice department announced that four Chinese nationals were charged for a global hacking campaign aimed at dozens of companies, universities and government agencies in the US and abroad between 2011 and 2018 that focused on information that would significantly benefit Chinese companies and businesses.
The opening of a new front in the governments’ war against hacking comes a month after G7 and Nato leaders agreed with President Joe Biden at summits in Cornwall, England, and Brussels in accusing China of posing systemic challenges to the world order.
Exchange Server
The governments formally attributed intrusions exploiting vulnerabilities in the Microsoft Exchange Server that were disclosed in March “cyber actors affiliated with” China’s ministry of state security, Blinken said. He cited the indictment of the three security officers and the hacker as an example of how the US will impose consequences.
The Chinese embassy in Washington did not immediately respond to a request for comment. Chinese officials have previously said China is also a victim of hacking and opposes all forms of cyberattacks.
US federal agencies, including the National Security Council, the FBI and the National Security Agency, will outline more than 50 techniques and procedures that “China state-sponsored actors” use in targeting US networks, a senior administration official said.
Chinese state-sponsored cyber actors consistently scan target networks for critical and high vulnerabilities within days of the vulnerability’s public disclosure, the 31-page US cybersecurity advisory says. US officials said the scope and scale of hacking attributed to China has surprised them, along with China’s use of “criminal contract hackers”.
“The PRC’s ministry of state security has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain,” Blinken said.
The US in recent months has focused heavy attention on Russia in accusing Russian cyberhackers of a string of ransomware attacks in the US. In Monday’s announcement, US officials formally blamed the Chinese government “with high confidence” for the hack that hit businesses and government agencies in the US using a Microsoft e-mail service. Microsoft has already accused China of responsibility.
The operation specifically exploited weaknesses in Microsoft’s Exchange Server. Cybersecurity experts were shaken by the scale and volume of the incident, totalling thousands of potential US victims.
The senior Biden administration official said US concerns about Chinese cyber activities have been raised with senior Chinese officials. “We’re not ruling out further action to hold the PRC accountable,” the official said.
Loggerheads
The US and China have already been at loggerheads over trade, China’s military build-up, a crackdown on democracy activists in Hong Kong, treatment of the Uyghurs in the Xinjiang region and aggression in the South China Sea.
On Friday, the Biden administration issued an advisory to warn US businesses about risks to their operations and activities in Hong Kong after China’s imposition of a new national security law there last year. — Reported by Steve Holland and David Shepardson, with additional reporting by Lisa Lambert and Doina Chiacu(c) 2021 Reuters
