The US has led allies in a sharp condemnation of China for “malicious” cyberattacks, including a hack of Microsoft Exchange email server software that compromised tens of thousands of computers around the world earlier this year.
The US justice department on Monday charged four Chinese nationals with hacking, as Washington accused Beijing of extortion and threatening national security.
The Microsoft hack affected at least 30,000 US organisations including local governments as well as entities worldwide and was disclosed in March.
Antony Blinken, the secretary of state, accused China of being responsible and said it was part of a “pattern of irresponsible, disruptive and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security”.
Blinken added in a statement that China’s “Ministry of State Security (MSS) has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain”.
The announcements highlighted the cyberthreat posed by Chinese government hackers even as Joe Biden’s administration has been consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure, including a massive fuel pipeline.
The administration and allied nations also disclosed a range of other cyberthreats from Beijing, including ransomware attacks from government-affiliated hackers that have targeted companies with demands for millions of dollars.
The MSS has been using criminal contract hackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a senior US administration official who did not wish to be named.
The US, European Union, Britain, Australia, Canada, New Zealand, Japan and Nato are united against the threat, the official said. It is the first time Nato, a military alliance founded in 1949, has joined a formal condemnation of China’s cyber activities.
Meanwhile, the US justice department announced charges against four Chinese nationals – three security officials and one contract hacker – who prosecutors said were working with the MSS in a hacking campaign that targeted dozens of computer systems, including companies, universities and government entities, between 2011 and 2018.
The campaign targeted trade secrets in industries including aviation, defence, education, government, health care, biopharmaceutical and maritime industries, a justice department statement said.
Blinken said: “As evidenced by the indictment of three MSS officers and one of their contract hackers unsealed by the Department of Justice today, the United States will impose consequences on [Chinese] malicious cyber actors for their irresponsible behavior in cyberspace.”
The EU and Britain also pointed the finger at China. The EU said malicious cyber activities with “significant effects” that targeted government institutions, political organisations and key industries in the bloc’s 27 member states could be linked to Chinese hacking groups.
In a statement, the EU foreign policy chief, Josep Borrell, said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage”.
The UK National Cyber Security Centre said the groups targeted maritime industries and naval defence contractors in the US and Europe and the Finnish parliament.
This year has seen a slew of prominent ransomware strikes that have disrupted a major US pipeline, a meat processor and the software firm Kaseya, which affected 1,500 businesses.
The majority of the most damaging and high-profile recent such attacks have involved Russian criminal gangs. Though the US has sometimes seen connections between Russian intelligence agencies and individual hackers, the use of criminal contract hackers by the Chinese government “to conduct unsanctioned cyber operations globally is distinct,” the US official said.
Jen Psaki, the White House press secretary, faced questions on Monday over why the US was not retaliating with economic sanctions, as it has done with Russia.
“We are actually elevating and taking steps to not only speak out publicly but certainly take action as it relates to problematic cyberactivities from China – in a different way – but as we have from Russia as well,” Psaki said. “We are not differentiating.”
The press secretary denied that Washington was reluctant to impose sanctions because the US economy relies heavily on Chinese imports.
“We are not holding back,” she said. “We are not allowing any economic circumstance or consideration to prevent us from taking actions where warranted.
“And also, we reserve the option to take additional actions where warranted as well. This is not the conclusion of our efforts as it relates to cyber activities with China or Russia.”
Psaki added: “We of course will continue to be in touch with Chinese officials at high level and that will be the case in these regards as well.”
An administration official said the government’s attribution of the Microsoft attack to hackers affiliated with the MSS took until now in part because of the discovery of the ransomware and for-profit hacking operations and because the administration wanted to pair the announcement with guidance for businesses about tactics the Chinese have been using.
The US attributes the attack to “malicious cyber actors affiliated with the MSS with high confidence”, a senior administration official said.
An advisory issued on Monday by the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency laid out specific techniques and ways that government agencies and businesses can protect themselves.
The unusually strident criticism threatens another rift in a US-China relationship already strained by trade, China’s military buildup, a crackdown on democracy activists in Hong Kong, treatment of the Uyghurs in the Xinjiang region and aggression in the South China Sea.
Last month G7 and Nato leaders agreed with Biden at summits in the UK and Belgium in accusing China of posing systemic challenges to the global order.
A Chinese foreign ministry spokesperson, asked about the Microsoft Exchange hack, has said China “firmly opposes and combats cyber attacks and cyber theft in all forms” and cautioned that attribution of cyber-attacks should be based on evidence and not “groundless accusations”.