The Biden administration has blamed China for a hack of Microsoft Exchange email server software that compromised tens of thousands of computers around the world earlier this year.
A senior US official said the Microsoft Exchange attack was “the kind of aggressive behavior that we’re seeing coming out of China”.
The announcements highlighted the cyberthreat posed by Chinese government hackers even as the Biden administration has been consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure, including a massive fuel pipeline.
The administration and allied nations also disclosed a range of other cyberthreats from Beijing, including ransomware attacks from government-affiliated hackers that have targeted companies with demands for millions of dollars.
China’s ministry of state security has been using criminal contract hackers, who have engaged in cyber extortion schemes and theft for their own profit, according to a senior US administration official. That official briefed reporters about the investigation on the condition of anonymity.
Nel frattempo, the US justice department announced charges against four Chinese nationals who prosecutors said were working with the ministry of state security in a hacking campaign that targeted dozens of computer systems, including companies, universities and government entities.
Even though the finger-pointing was not accompanied by any sanctions of Beijing, a senior administration official who disclosed the actions to reporters said that the US has confronted senior Chinese officials and that the White House regards the multination public shaming as sending an importance message.
That hackers affiliated with the ministry of state security carried out a ransomware attack was surprising and concerning to the US government, disse il funzionario. But the attack, in which an unidentified American company received a high-dollar ransom demand, also gave US officials new insight.
The EU and Britain also pointed the finger at China. The EU said malicious cyber activities with “significant effects” that targeted government institutions, political organizations and key industries in the bloc’s 27 member states could be linked to Chinese hacking groups.
The UK National Cyber Security Centre said the groups targeted maritime industries and naval defense contractors in the US and Europe and the Finnish parliament.
In una dichiarazione, the EU foreign policy chief, Josep Borrell, said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage”.
The Microsoft Exchange cyber-attack “by Chinese state-backed groups was a reckless but familiar pattern of behaviour,” the UK foreign secretary, Dominic Raab said.
The majority of the most damaging and high-profile recent ransomware attacks have involved Russian criminal gangs. Though the US has sometimes seen connections between Russian intelligence agencies and individual hackers, the use of criminal contract hackers by the Chinese government “to conduct unsanctioned cyber operations globally is distinct,” the US official said.
The Microsoft Exchange hack was identified in January and rapidly attributed to Chinese cyber spies by private sector groups. An administration official said the government’s attribution to hackers affiliated with China’s ministry of state security took until now in part because of the discovery of the ransomware and for-profit hacking operations and because the administration wanted to pair the announcement with guidance for businesses about tactics that the Chinese have been using.
An advisory issued on Monday by the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency laid out specific techniques and ways that government agencies and businesses can protect themselves.
The White House also wanted to line up an international coalition of allies to call out China, according to the US official, who said it was the first time Nato had condemned Beijing’s hacking operations.
A Chinese foreign ministry spokesperson, asked about the Microsoft Exchange hack, has said China “firmly opposes and combats cyber attacks and cyber theft in all forms” and cautioned that attribution of cyber-attacks should be based on evidence and not “groundless accusations”.