Eric Tucker
Associated Press
Washington (Associated Press) – The Biden administration and Western allies have officially accused China of large-scale intrusion into Microsoft Exchange email server software, and accused Beijing of cooperating with criminal hackers on ransomware and other illegal network operations.
Although these announcements are not accompanied by sanctions on the Chinese government, they are intended to strongly condemn the activities of senior officials in the Biden administration calling them part of the “irresponsible behavior pattern in cyberspace.” They highlighted the continuing threat from hackers from the Chinese government, even though the government is still working hard to contain ransomware attacks by Russian groups targeting critical infrastructure.
The widespread cyber threats from Beijing disclosed on July 19 included a ransomware attack from government affiliated hackers, which targeted victims—including in the United States—and demanded millions of dollars. US officials stated that China’s Ministry of National Security has been using criminal contract hackers who engage in cyber extortion and theft for personal gain, the official said.
At the same time, the Ministry of Justice announced charges against four Chinese citizens, and prosecutors said they were cooperating with the Ministry of National Security in hacking dozens of computer systems, including companies, universities, and government entities. The defendant was accused of stealing trade secrets and confidential business information.
Unlike in April publicly accusing Russia of hacking and a series of sanctions against Moscow, the Biden administration has not announced any action against Beijing. Nonetheless, a senior government official who briefed reporters said that the United States has clashed with senior Chinese officials, and the White House regards the public humiliation of many countries as sending out an important message.
Even without new sanctions, these actions may exacerbate tensions with China at delicate moments. Just last week, the United States issued a separate severe warning about transactions with entities operating in the Xinjiang region of western China, where China is accused of suppressing Uighur Muslims and other minorities. Then on July 16, the government notified American companies of Hong Kong’s deteriorating investment and business environment. China has been cracking down on the democratic freedoms it promised to respect in this former British colony.
The European Union and the United Kingdom have also called on China. The EU stated that malicious cyber activities with “significant impact” targeting government agencies, political organizations and key industries in the 27 EU member states may be related to Chinese hacker organizations.
The UK’s National Cyber Security Centre stated that the targets of these groups are the maritime industry and naval defense contractors in the United States and Europe, as well as the Finnish Parliament.
In a statement, EU foreign policy chief Josep Borrell stated that the hacking was “conducted within China with the purpose of stealing intellectual property rights and engaging in espionage activities.”
British Foreign Secretary Dominic Raab stated that “the Microsoft Exchange cyberattack initiated by a group supported by the Chinese government is a reckless but familiar pattern of behavior”.
NATO publicly condemned China’s hacking activities for the first time, calling on Beijing to abide by its international commitments and obligations, and “act responsibly in the international system, including cyberspace.” The alliance stated that it is determined to “actively deter, defend and respond to a full range of cyber threats.”
The senior government official said that the involvement of hackers under the Ministry of National Security in ransomware is surprising and worries the US government.
However, in this attack, an unidentified US company received a high ransom demand, which also gave US officials a new understanding of what the official said “we saw aggression from China.”
Most of the most destructive and high-profile recent ransomware attacks have involved Russian criminal groups. The official said that although the United States sometimes finds links between Russian intelligence agencies and individual hackers, the Chinese government’s use of criminal contract hackers to “perform unauthorized cyber operations on a global scale” is completely different.
A few months ago, Microsoft Exchange hackers hacked tens of thousands of computers around the world and were quickly blamed on Chinese cyber espionage by private sector groups. A government official said that the government has always blamed hackers under the Ministry of National Security of China, partly because of the discovery of ransomware and for-profit hacking activities, and the government hopes to combine the announcement with corporate strategy guidelines. The Chinese have been using it. .
An advisory report issued by the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency on July 19 listed specific technologies and methods that government agencies and companies can protect themselves.
A spokesperson for the Chinese Embassy in Washington did not immediately respond to an email seeking comment on July 19. However, a spokesperson for the Chinese Ministry of Foreign Affairs has previously shifted the accusation of the Microsoft Exchange hacking, saying that China “resolutely opposes and combats cyber attacks and cyber theft. All forms” and warned that the attribution of cyber attacks should be based on evidence, not “ Baseless allegations”.
