Biden’s administration and its allies in the West officially blamed China Monday for the large hack of Microsoft Exchange email software. They also accused Beijing of cooperating with criminal hackers to launch ransomware attacks and other illegal cyber operations.
Although not accompanied with sanctions against China, the announcements were meant to forcefully condemn activities that a senior Biden administration official said were part of a “pattern for irresponsible behaviour in cyberspace.” The administration is still focused on reducing ransomware attacks by Russia-based syndicates who have targeted critical infrastructure.
A ransomware attack by government-affiliated hackers targeted victims in the U.S. with demands for millions of dollar. Officials from the United States claim that China’s Ministry of State Security used criminal contract hackers to steal and carry out cyber extortion schemes for their own benefit.
On Monday, the Justice Department announced that four Chinese nationals were charged with hacking against dozens of computers systems. The campaign included universities, companies and government agencies. They are accused of stealing trade secrets as well as confidential business information.
Contrary to April , when the public finger-pointing at Russian hacking was paired with a series of sanctions against Moscow. The Biden administration didn’t announce any action against Beijing. A senior administration official briefed reporters that the U.S. had confronted Chinese officials and that the White House considers the multination public shame as a powerful message.
Even without new sanctions, Monday’s actions are likely to increase tensions with China in a delicate moment. Separate warnings were issued by the U.S. last week regarding transactions with entities operating in China’s western Xinjiang, where China is accused repressing Uyghur Muslims, and other minorities. On Friday, the administration sent a warning to American companies about the declining investment and commercial climate in Hong Kong. This is where China has been repressing democratic freedoms that it pledged to uphold in the former British colony.
Britain and the European Union also called out China. EU claimed that malicious cyber activities could have “significant effects” on government institutions, political organisations and key industries within the 27 member countries. These activities could be connected to Chinese hacking groups. According to the U.K.’s National Cyber Security Centre, the hackers targeted the maritime industries as well as naval defense contractors in Europe and the U.S., and the Finnish Parliament.
Josep Borrell, EU foreign policy chief, stated that the hacking was carried out from China to steal intellectual property and spy on others.
Dominic Raab, U.K. Foreign Secretary, stated that the cyberattack on Microsoft Exchange by Chinese state-backed groups “was a reckless but common pattern of behaviour.”
NATO condemned China’s hacking activities for the first time, and called on Beijing “to uphold its international obligations and to act responsibly in international system, including cyberspace.”
The U.S. government was surprised and concerned to learn that hackers associated with the Ministry of State Security were involved in ransomware, according to a senior administration official. The attack in which an unidentified American firm received a ransom demand for a large sum of money also provided U.S. officials with new insights into the “aggressive behavior” that China is displaying.
Russian criminal gangs have been responsible for the majority of recent ransomware attacks. Although the U.S. may have seen some connections between Russian intelligence agencies, individual hackers, the Chinese government’s use of criminal contract hackers “to conduct global cyber operations is different,” the official stated.
Private sector groups quickly attributed the Microsoft Exchange hack that compromised thousands of computers worldwide months ago to Chinese cyber spies. A government official stated that the government had not yet attributed hackers to China’s Ministry of State Security. This was partly due to the discovery of ransomware and for profit hacking operations, and because the administration wanted guidance for businesses on the tactics used by the Chinese.
Monday’s advisory from the FBI, Cybersecurity and Infrastructure Security Agency and the National Security Agency outlined specific techniques and ways government agencies and businesses can be protected.
The spokesperson for China’s Embassy in Washington didn’t immediately respond to an email Monday seeking comment. A spokesperson for China’s Foreign Ministry said that China “firmly opposes” cyber attacks and cyber theft in any form. He also cautioned that cyberattacks should not be attributed based on “groundless allegations.”