The Biden administration and Western allies formally blamed China on Monday for a massive hack of Microsoft Exchange email server software and accused Beijing of working with criminal hackers in ransomware attacks and other cyber operations.
The announcements, though not accompanied by sanctions against the Chinese government, were intended as a forceful condemnation of activities a senior Biden administration official described as part of a “pattern of irresponsible behavior in cyberspace.” They highlighted the ongoing threat from Chinese government hackers even as the administration remains consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure.
The broad range of cyberthreats from Beijing disclosed on Monday included ransomware attacks from government-affiliated hackers that have targeted victims — including in the US — with demands for millions of dollars. US officials allege that China’s Ministry of State Security has been using criminal contract hackers who have engaged in cyber extortion schemes and theft for their own profit, officials said.
Meanwhile, the Justice Department on Monday announced charges against four Chinese nationals who prosecutors said were working with the Ministry of State Security in a hacking campaign that targeted dozens of computer systems, including companies, universities, and government entities. The defendants are accused of stealing trade secrets and confidential business information.
Unlike in April, when public finger-pointing of Russian hacking was paired with a raft of sanctions against Moscow, the Biden administration did not announce any actions against Beijing. Nonetheless, a senior administration official who briefed reporters said that the US has confronted senior Chinese officials and that the White House regards the multination public shaming as sending an important message.
The European Union and Britain also called out China. The EU said malicious cyber activities with “significant effects” that targeted government institutions, political organizations and key industries in the bloc’s 27 member states could be linked to Chinese hacking groups. The UK’s National Cyber Security Centre said the groups targeted maritime industries and naval defense contractors in the U.S. and Europe and the Finnish parliament.
In a statement, EU foreign policy chief Josep Borrell said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage.”
The Microsoft Exchange cyberattack “by Chinese state-backed groups was a reckless but familiar pattern of behavior,” UK Foreign Secretary Dominic Raab said.
NATO, in its first public condemnation of China for hacking activities, called on Beijing to uphold its international commitments and obligations “and to act responsibly in the international system, including in cyberspace.” The alliance said it was determined to “actively deter, defend against and counter the full spectrum of cyber threats.”
That hackers affiliated with the Ministry of State Security were engaged in ransomware was surprising and concerning to the US government, the senior administration official said. But the attack, in which an unidentified American company received a high-dollar ransom demand, also gave US officials new insight into what the official said was “the kind of aggressive behavior that we’re seeing coming out of China.”
- Russia categorically denies latest US, UK hacking allegations
- Biden administration eyes cybersecurity funding after ransomware, hacking attacks
- US discloses hacking methods it says are used by Russia
- US President Biden announces sanctions on Russia, expels 10 diplomats for hacking
- Biden eyes Russia retaliation after review of meddling, hacking
- US sanctions seven China officials over Hong Kong crackdown
- US President Biden, Germany’s Merkel vow common front on Russia, China
- Former VP Pence calls on US President Biden to get tougher on China, COVID-19 origins
- China condemns ‘unreasonable suppression’ as US expands economic blacklist